Exchange 2013 ABC's: Architecture, Best Practices and Client Access
Uploaded by: microsoft-technet-belgium-and-luxembourg
Category: Technology
![Page 1: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/1.jpg)
© Microsoft Corporation. All Rights Reserved.
Exchange Server 2013 ABCs
Architecture, Best-Practices, Client Access
![Page 2: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/2.jpg)
Belgian Unified Communications Community
The Belgian User Group is a bunch of subject matter experts on Exchange, Lync and Office 365 that aim to provide a central point of interest for like-minded IT professionals.
Regular free in-person events & TechNet Livemeeting sessions
Next event: January 23rd – “Office 365 vNext” (by Ilse Van Criekinge)
Follow our blog posts on http://www.pro-exchange.be
Follow us on Twitter @ProExchange
Spread the word!
![Page 3: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/3.jpg)
Speaker
Michael Van Horenbeeck
Technology Consultant @ Xylos
Exchange Server MVP
Pro-Exchange Core Member
Microsoft MEET Member
[email protected]
@mvanhorenbeeck
http://be.linkedin.com/in/mvanhorenbeeck
![Page 4: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/4.jpg)
Poll
Did you already work with or install Exchange 2013 (in a lab)?
![Page 5: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/5.jpg)
Agenda
• The new Exchange 2013 Architecture
• Protocol flows
• Deploying Exchange 2013
• Q&A
![Page 6: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/6.jpg)
The new Exchange 2013 Architecture paradigm
Architecture
![Page 7: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/7.jpg)
Previous Server Role Architecture (2010)
• 5 server roles
• Tightly-coupled in terms of
  • versioning
  • functionality
  • user partitioning
  • geo-affinity
[Diagram labels: Internal Network; AD; Layer 7 LB; Phone system (PBX or VOIP); Web browser; Outlook (remote user); Outlook (local user); Mobile phone; Line of business application; External SMTP servers; Forefront Online Protection for Exchange. Server roles: Mailbox (stores mailbox and public folder items); Unified Messaging (voice mail and voice access); Client Access (client connectivity, web services); Hub Transport (routing and policy); Edge Transport (routing and AV/AS).]
![Page 8: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/8.jpg)
Challenges with existing model
Exchange deployments can be complicated
Load balancing is difficult and can require expensive solutions
When dedicated server roles are deployed, hardware can go unutilized or under-utilized
Too many namespaces required
![Page 9: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/9.jpg)
Exchange 2013 Architecture Theme
Use Building Blocks to facilitate deployments at all scales – from self-hosted, small organizations to Office 365
• Server role evolution
• Network layer improvements
• Versioning and inter-op principles
![Page 10: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/10.jpg)
Exchange Server 2013 Architecture
Building Blocks
• Client Access server
  • CAS Array
• Mailbox server
  • DAG
Loosely-coupled
• Functionality
• Versioning
• User partitioning
• Geo-affinity
[Diagram labels: Internal Network; Web browser; Outlook (remote user); Outlook (local user); Mobile phone; LOB Application; Phone system (PBX or VOIP); External SMTP servers; Exchange 2010 Edge Transport; Forefront Online Protection for Exchange; Layer 4 load balancing; CAS (Array); MBX (DAG).]
![Page 11: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/11.jpg)
“Every Server is an Island”
[Diagram labels: E2010; Server1 (Vn) and Server2 (Vn+1). Layers: Protocols, Server Agents; Business Logic; Storage. Per server: EWS, RPC CA, Transport, Assistants, MRS, MRSProxy; XSO, MailItem, Other API, CTS; Store, ESE, Content index, File system. Between servers: SMTP; MRS proxy protocol; EWS protocol; Custom WS. Callout: Banned.]
![Page 12: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/12.jpg)
Functional Layering
[Diagram labels: Exchange 2010 Architecture: AuthN, Proxy, Re-direct; Protocols, API, Biz-logic; Assistants, Store, CI. Exchange 2013 Architecture: AuthN, Proxy, Re-direct; Protocols, Assistants, API, Biz-logic; Store, CI. Server roles shown: Client Access; Hub Transport, Unified Messaging; Mailbox. Hardware Load Balancer: L4 LB, L7 LB.]
![Page 13: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/13.jpg)
Client Access Server Role
Architecture
![Page 14: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/14.jpg)
Client Access Server role
• Domain-joined machine in the internal Active Directory forest
• Thin, stateless (protocol session) server
• Comprised of three components:
  • Client access protocols (HTTP, IMAP, POP)
  • SMTP
  • UM Call Router
• Exchange-aware proxy server
  • Understands requests from different protocols (OWA, EWS, etc.)
  • Supports proxy and redirection logic for client protocols
  • Capable of supporting legacy servers with redirect or proxy logic
  • Contains logic to route specific protocol requests to their destination end-point
![Page 15: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/15.jpg)
Client Access Array
• A group of CAS organized in a load-balanced configuration
  • Designed to work with TCP affinity (aka, layer 4 LB)
  • Does not require session affinity (aka, layer 7 LB)
• Provides a unified namespace and authentication
  • Similar to Exchange 2010 in terms of providing a unified endpoint for client connectivity and authentication
![Page 16: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/16.jpg)
Client Protocol Architecture in Exchange 2013
[Diagram labels: Clients: Outlook Web App, Outlook, EAS, EAC, PowerShell, POP/IMAP, SMTP, SIP. Load Balancer. Client Access: IIS, HTTP Proxy, POP, IMAP, SMTP, UM. Mailbox: IIS, RpcProxy, RPC CA, RPS, OWA, EAS, EWS, ECP, OAB, POP, IMAP, Transport, UM, MDB, MailQ. Connections: HTTP; POP, IMAP; SMTP; SIP Redirect; SIP + RTP.]
![Page 17: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/17.jpg)
Outlook Connectivity in Exchange 2013
• Exchange 2013 supports RPC/HTTP only; No RPC/TCP
  • Simplifies the protocol stack
  • Provides an extremely reliable and stable connectivity model because RPC session is always on Mailbox server hosting active copy
  • Eliminates need for RPC CAS Array namespace(s)
  • Eliminates end user interruptions like “The Exchange administrator has made a change that requires you to quit and restart Outlook” during mailbox moves or *overs
![Page 18: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/18.jpg)
Namespace Simplification
• Exchange 2013 no longer requires multiple namespaces for site resilient solutions or site specific scenarios
• Easy to set up a single, worldwide client access namespace
  • Can be used in coexistence with Exchange 2010
![Page 19: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/19.jpg)
A Single Common Namespace Example
Geographical DNS Solution
[Diagram labels: mail.contoso.com; Sue (somewhere in NA); Sue (traveling in APAC); DNS Resolution; DNS Resolution via Geo-DNS; Round-Robin between # of VIPs; DAG with VIP #1 and VIP #2; DAG with VIP #3 and VIP #4.]
![Page 20: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/20.jpg)
FE Transport Service
Architecture
![Page 21: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/21.jpg)
Front-End Transport Service
• Handles all inbound and outbound external SMTP traffic for the organization, as well as client endpoint for SMTP traffic; but does not replace the Edge Transport Server role
• Functions as a layer 7 proxy and has full access to protocol conversation
• Will not queue mail locally, and will be completely stateless
• All outbound traffic appears to come from CAS 2013
• Listens on TCP25 and TCP587 (two receive connectors)
![Page 22: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/22.jpg)
Front-End Transport Service Architecture
[Diagram labels: Front-End Transport Pipeline; External SMTP (inbound and outbound); SMTP Receive; Protocol Agents; Hub Selector; SMTP Send; SMTP to MBX 2013; SMTP from MBX 2013.]
![Page 23: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/23.jpg)
Entry Point Routing
• Bifurcation does not occur on Front-End transport (FET), so only one DAG or MBX 2013 is selected, regardless of the number of recipients in a message
• FET uses delivery groups: DAG, mailbox, AD site
• Server selection within the delivery group is based on recipient type
  • If message only has a single mailbox recipient, select MBX server within delivery group based on proximity of AD site
  • If multiple mailbox recipients, select MBX server in closest delivery group, factoring in site proximity
  • If there are no mailbox recipients (DG, MEUs, etc.), select a random MBX 2013, giving preference to local AD site
![Page 24: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/24.jpg)
Mailbox Server Role
Architecture
![Page 25: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/25.jpg)
Mailbox Server Role
• Server that hosts the components that process, render and store Exchange data
  • Includes components previously found in separate roles
• Only Client Access servers connect directly to the Mailbox server
  • Clients connect to Client Access servers
• Connectivity to a mailbox is always provided by the server hosting the active copy of the database
![Page 26: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/26.jpg)
Database Availability Group
• Collection of servers that form a unit of high availability
• Boundary for replication and *over
• DAG members can be in different sites
• Can have a maximum of 16 Mailbox servers
[Diagram labels: MBX1; MBX2; MBX16.]
![Page 27: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/27.jpg)
Mailbox-related changes
Managed Store
IOPS reductions
Larger mailbox support
Modern public folders
New search infrastructure
![Page 28: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/28.jpg)
Managed Store
• Store service process (Microsoft.Exchange.Store.Service.exe)
  • Manages worker process lifetime based on mount/dismount
  • Logs failure item when store worker process problems detected
  • Terminates store worker process in response to “dirty” dismount during failover
• Store worker process (Microsoft.Exchange.Store.Worker.exe)
  • One process per database, RPC endpoint instance is database GUID
  • Responsible for block-mode replication for passive databases
  • Fast transition to active when mounted
  • Transition from passive to active increases ESE cache size 5X
![Page 29: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/29.jpg)
Microsoft Exchange Replication service
• MSExchangeRepl.exe
• Detecting unexpected database failures
• Issues mount/dismount operations to Store
• Provides administrative interface for management tasks
• Initiates failovers on failures reported by ESE, Store and Responders
![Page 30: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/30.jpg)
ESE Cache Management
• Algorithm allocates memory for ESE cache for store worker processes based on RAM (max cache target)
• ESE cache allocated to each database (store worker process) based on number of local database copies and value of MaximumActiveDatabases
  • Static amount of cache allocated to passive and active copies
• Store worker process will only use max cache target when operating as active
  • Passive database allocates 20% of max cache target
• Max cache target computed at service process startup
  • Restart service process when adding/removing copies or changing maximum active database configuration
![Page 31: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/31.jpg)
IOPS Reductions
• Improvements to logical contiguity of store schema
  • Property blobs are used to store actual message properties
  • Several messages / page means fewer large IOs to retrieve message properties
  • Use of long-value storage is reduced, though when accessed, large sequential IOs are used
• Reduction in passive copy IO
  • 100MB checkpoint depth reduces write IO
  • Transaction log code has been refactored for fast failover with deep checkpoint
![Page 32: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/32.jpg)
IOPS Reductions
[Chart: DB IOPS/Mailbox for Exchange 2003, Exchange 2007, Exchange 2010 and Exchange 2013; y-axis IOPS/Mailbox from 0 to 1; callout: +97% Reduction!]
![Page 33: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/33.jpg)
Support for Larger Mailboxes
• Large Mailbox Size is 100 GB+
  • Aggregate Mailbox = Primary Mailbox + Archive Mailbox + Recoverable Items
  • 1-2 years of mail (minimum)
• Increase IW productivity
• Eliminate or reduce PST files
• Eliminate or reduce third-party archive solutions
• OST size control with Outlook 2013

| Time | Items | Mailbox Size |
|---|---|---|
| 1 Day | 150 | 11 MB |
| 1 Month | 3300 | 242 MB |
| 1 Year | 39000 | 2.8 GB |
| 2 Years | 78000 | 5.6 GB |
| 4 Years | 156000 | 11.2 GB |
![Page 34: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/34.jpg)
Modern Public Folders
• Public folders based on the mailbox architecture
• Single-master model
  • Hierarchy is stored in a PF mailbox (one writeable)
  • Content can be broken up and placed in multiple mailboxes
  • The hierarchy folder points to the target content mailbox
• Because it’s a mailbox, it’s in a mailbox database…thus,
  • High availability achieved through continuous replication
  • No separate replication mechanism
• Similar administrative features to current PFs
• No end-user changes
[Diagram labels: CAS2013; MBX2013 (three servers); Public logon; Private logon; Content Mailbox; Hierarchy Mailbox.]
![Page 35: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/35.jpg)
Modern Public Folders
• 1 - User connects to their home Public Folder mailbox first, which should be located near their primary mailbox.
• 2 - Folder contents live in one specific mailbox for that folder. All content operations are redirected to the mailbox for that folder
• 3 - Folder hierarchy changes are intercepted and written to writeable copy of Public Folder hierarchy
• 4 - All Public Folder mailboxes listen for hierarchy changes and update similar to Outlook clients
• 5 - When a Public Folder mailbox gets full, move some folders to a new mailbox
![Page 36: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/36.jpg)
New Search Infrastructure
Uses FAST
Significantly improved query performance
Significantly improved indexing performance
![Page 37: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/37.jpg)
FAST Primer
[Diagram labels: FAST Core; Catalog. “CTS Flow”: Incoming Documents; CTS; Filter; Word Break; Content XForm; MARS Writer. “IMS Flow”: Incoming Queries; IMS; Content XForm; Query Parse; Results.]
![Page 38: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/38.jpg)
Exchange Search Infrastructure
[Diagram labels: MBX2013 (two servers); Transport; Transport CTS; Mailbox; Store; DB; Log; Idx; Index Node; ExSearch; CTS; Local Delivery; Reliable Event; Read Content; Passive.]
![Page 39: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/39.jpg)
Back-end Transport Service
Architecture
![Page 40: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/40.jpg)
Transport Components
• Transport on Mailbox server is three services
  • Microsoft Exchange Transport - Stateful and handles SMTP mail flow for the organization and performs content inspection
  • Microsoft Exchange Mailbox Transport Delivery - Receives mail from the Transport service and delivers to the mailbox database
  • Microsoft Exchange Mailbox Transport Submission - Takes mail from the mailbox databases and submits to the Transport service
• Transport has the following responsibilities
  • Receives all inbound mail to the organization
  • Submits all outbound mail from the organization
  • Handles all internal message processing such as transport rules, content filtering, and antivirus
  • Performs mail flow routing
  • Queues messages
  • Supports SMTP extensibility
![Page 41: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/41.jpg)
Transport Service Architecture
[Diagram labels: Transport Pipeline; SMTP (in and out); SMTP Receive; Protocol Agents; Pickup/Replay; Submission Queue; Categorizer; Routing Agents; Delivery Queue (two); SMTP Send; Delivery Agents for other protocols; SMTP to MBX Transport Submission; SMTP from MBX Transport Delivery.]
![Page 42: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/42.jpg)
Mailbox Transport Component Architecture
[Diagram labels: Mailbox Transport Pipeline; Mailbox Transport Submission; Mailbox Transport Delivery; SMTP Receive; SMTP Send; Store Driver Deliver; MBX Deliver Agents; Store Driver Submit; MBX Assistants; MBX Submit Agents; Hub Selector (Router); MAPI (two); Mailbox Store; SMTP to Transport Service; SMTP from Transport Service.]
![Page 43: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/43.jpg)
Mailbox Transport Component
• Two separate services to handle mail submissions (from the store) and mail delivery (from the Transport service)
• Mailbox Assistant and Store Driver combined
• Leverages SMTP (encrypted) for communication with the Transport component and TCP465 for inbound traffic
• Leverages local RPC for delivery to store
• Is stateless and does not have a persistent storage mechanism
![Page 44: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/44.jpg)
Transport High Availability Improvements
• Every message is redundantly persisted before its receipt is acknowledged to the sender
• Delivered messages are kept redundant in transport, similar to active messages
• Every DAG represents a transport HA boundary and owns its HA implementation
  • If you have a stretched DAG, you also have transport site resilience
• Resubmits due to transport DB loss or MDB *over are fully automatic and do not require any manual involvement
![Page 45: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/45.jpg)
Mail Delivery Flow
[Diagram labels: DAG; MBX1 and MBX2, each with MBX Transport, Transport, DB1 and DB2; MAPI (two); SMTP.]
![Page 46: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/46.jpg)
Autodiscover
Protocol Flows
![Page 47: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/47.jpg)
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence - Autodiscover (External clients)
[Diagram labels: Clients; autodiscover.contoso.com; Internet facing site; Intranet site; E2013 CAS; E2013 MBX; E2010 CAS (two); E2010 MBX (two); E2010/E2007 MBX; PROXY (two); CAS 2010 handles request (two).]
![Page 48: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/48.jpg)
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence - Autodiscover (External clients)
[Diagram labels: Clients; autodiscover.contoso.com; Internet facing site; Intranet site; E2013 CAS; E2013 MBX; E2007 CAS (two); E2007 MBX (two); E2010/E2007 MBX; PROXY; MBX 2013 handles request.]
![Page 49: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/49.jpg)
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence - Autodiscover (Internal clients)
[Diagram labels: Outlook Clients; Lookup SCP records in AD; Internal LB namespace; Internet facing site; Intranet site; E2013 CAS; E2013 MBX; E2010 CAS (two); E2010 MBX (two); E2010/E2007 MBX; PROXY (two); CAS 2010 handles request (two).]
![Page 50: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/50.jpg)
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence - Autodiscover (Internal clients)
[Diagram labels: Outlook Clients; Lookup SCP records in AD; Internal LB namespace; Internet facing site; Intranet site; E2013 CAS; E2013 MBX; E2007 CAS (two); E2007 MBX (two); E2010/E2007 MBX; MBX 2013 handles request.]
![Page 51: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/51.jpg)
Outlook
Protocol Flows
![Page 52: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/52.jpg)
Internal Outlook Connectivity
• No changes to 2007/10 – still direct to mailbox (2007) and RPC Client Access on CAS (2010)
• 2013 users use Outlook Anywhere inside and out
• AutoDiscover 2013 hands back two EXHTTP nodes for 2013 users, one for Internal OA, one for external – client starts at the top of the list and works down
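The ordered EXHTTP list described above can be checked from a captured Autodiscover response. The following is an added example, not part of the original slides: it parses a constructed response (the host name mail-int.contoso.com and every value in it are made up) and reports, in the order the client will try them, any EXHTTP node that does not require SSL.

```python
import xml.etree.ElementTree as ET

# XML namespaces of the Outlook Autodiscover (POX) response schema.
NS = {
    "a": "http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006",
    "o": "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a",
}

# Constructed sample response: two EXHTTP nodes plus one unrelated protocol node.
SAMPLE_RESPONSE = """\
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>mail-int.contoso.com</Server>
        <SSL>Off</SSL>
        <AuthPackage>Basic</AuthPackage>
      </Protocol>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>mail.contoso.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
"""


def _text(node, tag):
    """Text of a child element, stripped; empty string when it is absent."""
    return (node.findtext("o:" + tag, default="", namespaces=NS) or "").strip()


def exhttp_endpoints(xml_text):
    """Return the EXHTTP nodes in document order, the order the client tries them."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Autodiscover" % NS["a"]:
        raise ValueError("not an Autodiscover response")
    endpoints = []
    for proto in root.findall("o:Response/o:Account/o:Protocol", NS):
        if _text(proto, "Type").upper() != "EXHTTP":
            continue  # ignore WEB and other protocol nodes
        endpoints.append({
            "server": _text(proto, "Server"),
            # Assumption of this example: a missing SSL element counts as On.
            "ssl": _text(proto, "SSL").lower() != "off",
            "auth": _text(proto, "AuthPackage").lower() or "unspecified",
        })
    return endpoints


def review(endpoints):
    """Return (position, server, issue) tuples; position 0 is a list-level issue."""
    findings = []
    if len(endpoints) != 2:
        findings.append((0, "", "expected two EXHTTP nodes, found %d" % len(endpoints)))
    for pos, ep in enumerate(endpoints, start=1):
        if ep["ssl"]:
            continue
        issue = "SSL not required"
        if ep["auth"] == "basic":
            issue += "; Basic credentials would be sent without TLS"
        findings.append((pos, ep["server"], issue))
    return findings


if __name__ == "__main__":
    eps = exhttp_endpoints(SAMPLE_RESPONSE)
    for pos, ep in enumerate(eps, start=1):
        print(pos, ep["server"], "SSL" if ep["ssl"] else "no SSL", ep["auth"])
    for finding in review(eps):
        print("FINDING:", finding)
```

Because the client works down the list, a weak first node is the one most clients will actually use, so the position in each finding matters as much as the issue itself.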
![Page 53: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/53.jpg)
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 and 2010 Coexistence - Outlook Anywhere
1. Enable Outlook Anywhere
   On intranet 2007/2010 servers
2. Client Settings
   Make 2007/2010 client settings the same as 2013 Server
3. IIS Authentication Methods
   Must include NTLM
[Diagram labels: Clients; mail.contoso.com; Internet facing site; Intranet site; E2013 CAS; E2013 MBX; E2010/E2007 CAS; E2010/E2007 MBX; HTTP PROXY; RPC/HTTP; RPC; NTLM; Enable OA, Client Auth: Basic, IIS Auth: Basic.]
![Page 54: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/54.jpg)
OWA
Protocol Flows
![Page 55: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/55.jpg)
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence - OWA
[Diagram labels: OWA; mail.contoso.com (Layer 4 LB); europe.mail.contoso.com (Layer 7 LB); Internet facing site; Intranet site; E2013 CAS; E2013 MBX; E2010 CAS (two); E2010 MBX (two); E2010/E2007 MBX; HTTP PROXY (two); Same site proxy request; Cross site proxy request; Auth 2013 logon page; Auth 2010 logon page; RPC (two).]
![Page 56: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/56.jpg)
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence - OWA
[Diagram labels: OWA; mail.contoso.com (Layer 4 LB); europe.mail.contoso.com (Layer 7 LB); legacy.mail.contoso.com (Layer 7 LB); Internet facing site; Intranet site; E2013 CAS; E2013 MBX; E2007 CAS (two); E2007 MBX (two); E2010/E2007 MBX; HTTP PROXY; Auth 2013 logon page; Auth 2007 logon page (two); RPC (two).]
![Page 57: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/57.jpg)
EWS/EAS
Protocol Flows
![Page 58: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/58.jpg)
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence – EAS/EWS
[Diagram labels: EAS/EWS; mail.contoso.com (Layer 4 LB); europe.mail.contoso.com (Layer 7 LB); Internet facing site; Intranet site; E2013 CAS; E2013 MBX; E2010 CAS (two); E2010 MBX (two); E2010/E2007 MBX; HTTP PROXY (two); Same site proxy request; Cross site proxy request.]
![Page 59: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/59.jpg)
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence – EAS, EWS
[Diagram labels: EAS, EWS; mail.contoso.com (Layer 4 LB); europe.mail.contoso.com (Layer 7 LB); legacy.mail.contoso.com (Layer 7 LB); Internet facing site; Intranet site; E2013 CAS; E2013 MBX; E2007 CAS (two); E2007 MBX (two); E2010/E2007 MBX.]
![Page 60: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/60.jpg)
Protocol Flow Summary
• Basic principles to apply are:
  • Co-Existence with 2010 – CAS 2013 proxies all traffic to CAS 2010
  • Co-Existence with 2007 – CAS 2013 redirects most traffic to CAS 2007, proxies AutoDiscover, POP and IMAP
  • We no longer do HTTP 451 redirects
  • We hand out site specific URLs if they are set, but if a client comes to the wrong place, we just proxy and make it work
![Page 61: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/61.jpg)
Namespace planning
![Page 62: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/62.jpg)
Namespace Planning Principles
• Exchange Server 2013 gives you a greater possibility of creating simplified namespaces as CAS will proxy in more scenarios
  • Assuming you have the network and DNS infrastructure to support it that is…
• Single flat namespaces typically make more sense externally than internally though really, it’s only OWA where this makes sense
• Our guidance is to make internal and external namespace designs the same if you can, as it makes troubleshooting easier
  • Or if you cannot, use regional/site namespaces, including cases where you want to control traffic
• Remember AutoDiscover masks a lot of the URLs clients need
![Page 63: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/63.jpg)
A Single External Namespace Example
Geographical DNS Solution
[Diagram labels: mail.contoso.com; Sue (somewhere in NA); Sue (traveling in APAC); DNS Resolution; DNS Resolution via Geo-DNS; Round-Robin between # of VIPs; DAG with VIP #1 and VIP #2; DAG with VIP #3 and VIP #4.]
![Page 64: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/64.jpg)
Multiple Namespace Example
[Diagram labels: Sue (somewhere in NA); Sue (traveling in APAC); Round-Robin between # of VIPs; DAG with VIP #1 and VIP #2; DAG with VIP #3 and VIP #4; na.contoso.com; emea.contoso.com; na.contoso.local; emea.contoso.local.]
![Page 65: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/65.jpg)
Deploying Exchange 2013
Deployment
![Page 66: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/66.jpg)
Exchange 2013 Prerequisites
• Supported coexistence scenarios
  • Exchange Server 2010 SP3*
  • Exchange Server 2007 SP3 (+ coexistence RU*)
• Supported client access methods
  • Outlook 2013, Outlook 2010, Outlook 2007
  • RPC over HTTP is the only method of connectivity for Outlook clients
  • Entourage 2008 for Mac, Web Services Edition
  • Outlook for Mac 2011
![Page 67: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/67.jpg)
Exchange 2013 Prerequisites
• Active Directory
  • Windows Server 2003 forest functional level or higher
  • At least one Windows 2003 SP2 or later GC/DC in each site
  • No support for RODC or ROGC
• Supported Namespaces
  • Contiguous
  • Disjoint
  • Single label domain
  • Non-contiguous
![Page 68: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/68.jpg)
Exchange 2013 Prerequisites
• Operating System (64-bit)
  • Windows Server 2008 R2 SP1 Standard or Enterprise
    • Standard - for Exchange 2013 Client Access servers
    • Enterprise - for Exchange 2013 Mailbox servers in a DAG
  • Windows Server 2012 Standard or Datacenter
• Other IIS and OS components
  • .NET Framework 4.5
  • Windows Management Framework 3.0
  • Unified Communications Managed API (UCMA) 4.0
![Page 69: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/69.jpg)
Upgrade to Exchange 2013 from Exchange 2010
1. Prepare
  • Install Exchange 2010 SP3 across the ORG
  • Validate existing Client Access using ExRCA and built-in Test cmdlets
  • Prepare AD with E2013 schema
2. Deploy Exchange 2013 servers
  • Install both E2013 MBX and CAS servers
3. Obtain and Deploy Certificates
  • Obtain and deploy certificates on E2013 Client Access Servers
4. Switch primary namespace to Exchange 2013 CAS
  • E2013 fields all traffic, including traffic from Exchange 2010 users
  • Validate using Remote Connectivity Analyzer
5. Move Mailboxes
  • Build out DAG
  • Move E2010 users to E2013 MBX
6. Repeat for additional sites
[Diagram labels: Clients; Internet facing site – Upgrade first; autodiscover.contoso.com; mail.contoso.com; E2010 CAS, E2010 HUB, E2010 MBX (SP3); E2013 CAS, E2013 MBX; Intranet site; Exchange 2010 Servers (SP3). The numbers 1 to 6 mark where each step applies.]
![Page 70: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/70.jpg)
Upgrade to Exchange 2013 from Exchange 2007
1. Prepare
  • Install Exchange 2007 SP3 + RU across the ORG
  • Prepare AD with E2013 schema and validate
2. Deploy Exchange 2013 servers
  • Install both E2013 MBX and CAS servers
3. Create Legacy namespace
  • Create DNS record to point to legacy E2007 CAS
4. Obtain and Deploy Certificates
  • Obtain and deploy certificates on E2013 Client Access Servers configured with legacy namespace, E2013 namespace and Autodiscover namespace
  • Deploy certificates on Exchange 2007 CAS
5. Switch primary namespace to Exchange 2013 CAS
  • Validate using Remote Connectivity Analyzer
6. Move Mailboxes
  • Build out DAG
  • Move E2007 users to E2013 MBX
7. Repeat for additional sites
[Diagram labels: Clients; Internet facing site – Upgrade first; autodiscover.contoso.com; mail.contoso.com; legacy.contoso.com; E2007 SP3 CAS, E2007 SP3 HUB, E2007 SP3 MBX (RU); E2013 CAS, E2013 MBX; Intranet site; Exchange 2007 Servers (RU). The numbers 1 to 7 mark where each step applies.]
![Page 71: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/71.jpg)
Upgrading to Exchange Server 2013
1. Prepare
  • Install Exchange SP and/or updates across the ORG
  • Prepare AD with E2013 schema and validate
2. Deploy Exchange 2013 servers
3. Create Legacy namespace
4. Obtain and Deploy Certificates
5. Switch primary namespace to Exchange 2013 CAS
6. Move Mailboxes
7. Repeat for additional sites
[Diagram labels: Clients; Internet facing site – Upgrade first; autodiscover.contoso.com; mail.contoso.com; E2010 or 2007 CAS, E2010 or 2007 HUB, E2010 or 2007 MBX (SP/RU); Intranet site; Exchange 2010 or 2007 Servers (SP/RU).]
![Page 72: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/72.jpg)
Exchange Server 2013 Setup
Install both MBX and CAS Servers
• MBX performs PowerShell commands
• CAS is proxy only
Exchange 2013 Setup
• GUI or command line
• In-place upgrades are not supported
• Updated to reflect Exchange 2013 roles
Parameters
• New required parameter for license terms acceptance
Install
  - Setup.exe /mode:install /roles:clientaccess
  - Setup.exe /mode:install /roles:mailbox
  - Setup.exe /mode:install /roles:ManagementTools
Other required parameter
  - /IAcceptExchangeServerLicenseTerms
![Page 73: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/73.jpg)
Certificates - Best Practices
• Minimize the number of certificates
• Minimize number of hostnames
  • Use split DNS for Exchange hostnames
  • Don’t list machine hostnames in certificate hostname list
  • Use Load Balance (LB) arrays for intranet and internet access to servers
• Use Subject Alternative Name (SAN) certificate
![Page 74: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/74.jpg)
Preparing for Client Access Server Upgrade
• Validate legacy namespace creation
• Configure Load balancing
  • Layer 7 load balancers are no longer required for primary Exchange 2013 namespace
  • Layer 4 is supported and recommended
  • Legacy namespace is separate VIP configured with Layer 7 load balancing
• Configure the AutoDiscoverServiceInternalUri on Exchange 2013 CAS Servers to a LB value
• Configure AutoDiscoverSiteScope
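An added example (not from the original slides or from Microsoft): a PowerShell audit of two points from the certificate and Client Access preparation slides, namely that no machine hostname appears in a certificate's hostname list and that each AutoDiscoverServiceInternalUri points at a load-balanced name. The function name Test-NamespacePlan, the server names and the placeholder thumbprint are assumptions, and the sample objects are constructed stand-ins for cmdlet output.

```powershell
function Test-NamespacePlan {
    param(
        [Parameter(Mandatory=$true)] [string[]] $PlannedNames,   # load-balanced namespaces
        [Parameter(Mandatory=$true)] [string[]] $ServerFqdns,    # machine names to keep out
        [object[]] $Certificates = @(),          # need Thumbprint, CertificateDomains
        [object[]] $ClientAccessServers = @()    # need Name, AutoDiscoverServiceInternalUri
    )
    $planned = @($PlannedNames | ForEach-Object { $_.ToLowerInvariant() })
    # Match machine names both as FQDN and as short host name.
    $machine = @($ServerFqdns | ForEach-Object {
        $_.ToLowerInvariant(); $_.Split('.')[0].ToLowerInvariant() })
    foreach ($cert in $Certificates) {
        foreach ($domain in $cert.CertificateDomains) {
            $name = "$domain".ToLowerInvariant()
            $issue = $null
            if ($machine -contains $name) { $issue = 'machine hostname in certificate' }
            elseif ($planned -notcontains $name) { $issue = 'name not in namespace plan' }
            if ($issue) {
                New-Object psobject -Property @{
                    Source = "cert $($cert.Thumbprint)"; Value = $name; Issue = $issue }
            }
        }
    }
    foreach ($cas in $ClientAccessServers) {
        # An empty or malformed SCP value is reported as '(not set)'.
        $uri = $null
        $ok = [uri]::TryCreate("$($cas.AutoDiscoverServiceInternalUri)", [System.UriKind]::Absolute, [ref]$uri)
        $scpHost = if ($ok) { $uri.Host.ToLowerInvariant() } else { '(not set)' }
        if ($planned -notcontains $scpHost) {
            New-Object psobject -Property @{
                Source = "SCP $($cas.Name)"; Value = $scpHost; Issue = 'SCP not on a load-balanced name' }
        }
    }
}

# Constructed sample objects; every name and the thumbprint are placeholders.
$certs = @(New-Object psobject -Property @{
    Thumbprint = 'PLACEHOLDER-THUMBPRINT'
    CertificateDomains = @('mail.contoso.com', 'autodiscover.contoso.com', 'EX13-CAS01.contoso.local') })
$cas = @(
    New-Object psobject -Property @{ Name = 'EX13-CAS01'
        AutoDiscoverServiceInternalUri = 'https://EX13-CAS01.contoso.local/Autodiscover/Autodiscover.xml' }
    New-Object psobject -Property @{ Name = 'EX13-CAS02'
        AutoDiscoverServiceInternalUri = 'https://autodiscover.contoso.com/Autodiscover/Autodiscover.xml' })

Test-NamespacePlan -PlannedNames 'mail.contoso.com', 'autodiscover.contoso.com' `
    -ServerFqdns 'EX13-CAS01.contoso.local', 'EX13-CAS02.contoso.local' `
    -Certificates $certs -ClientAccessServers $cas | Format-Table Source, Value, Issue -AutoSize
```

In the Exchange Management Shell, pass `Get-ExchangeCertificate` and `Get-ClientAccessServer` output as `-Certificates` and `-ClientAccessServers`; during Exchange 2007 coexistence, add the legacy namespace to `-PlannedNames`.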
![Page 75: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/75.jpg)
Switching to new Client Access Servers
• Update internal and external DNS to point Mail and Autodiscover to CAS 2013
• Update publishing rules for legacy namespace
• Use Remote Connectivity Analyzer to test access to all CAS servers
  • Test both externally and internally
![Page 76: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/76.jpg)
Exchange 2013 Public Folders
• Database-centered architecture replaced by mailbox
  • Existing Public Folders can be migrated to Exchange 2013
  • Public Folder Replication is removed
  • End user experience doesn’t change
• Public Folders are not supported in Exchange 2013 OWA
• Migrate Public Folder users before Public Folders
  • Exchange 2013 users can access Exchange 2010/Exchange 2007 Public Folders
  • Exchange 2010/Exchange 2007 users cannot access Exchange 2013 Public Folders
• Migration of Public Folders is a cut-over migration
  • Similar to online mailbox moves
![Page 77: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/77.jpg)
Public Folder Migration Process
• Analyze existing Public Folders
  • Tool available to analyze existing Public Folder hierarchy to determine how many Exchange 2013 Public Folder mailboxes are recommended
• Copy Public Folder data
  • Users continue to access existing Public Folder deployment while data is copied
  • Data migration happens in the background
• Switch clients to Exchange 2013 Public Folders
  • There will be a short downtime while the migration is finalized
  • Once migration completes, everyone switches at the same time
  • Can switch back, but any post migration Public Folder changes are lost
![Page 78: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/78.jpg)
Managing Coexistence
• Use the Exchange 2013 Administration Center (EAC) to:
  • Manage Exchange 2013 mailboxes
  • View and update Exchange 2010/2007 mailboxes and properties (with a few limitations)
• Use Exchange 2010/2007 Management Console (EMC) to create mailboxes or perform new operations
![Page 79: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/79.jpg)
Upgrade and Coexistence Summary
• Updates are required for Exchange 2013 coexistence
  • Exchange 2010 Service Pack 3 (Q1 2013)
  • Exchange 2007 SP3 with a coexistence rollup (RU)
• Exchange 2007 requires a legacy namespace when coexisting with Exchange 2013
• Certificate deployment and management is improved
• Exchange 2013 Public Folders now utilize the mailbox architecture and require migration planning
![Page 80: Exchange 2013 ABC's: Architecture, Best Practices and Client Access](https://reader033.fdocuments.us/reader033/viewer/2022061111/5455a470af7959d8748b7357/html5/thumbnails/80.jpg)
Thank you!