5. Remain in control, online, and on-premises
Exchange enables you to tailor your solution based on your unique needs and ensures your communications are always available while you remain in control; on your own terms: online, on-premises, or a hybrid of the two.
Do more, on any device
Exchange helps your users be more productive by helping them manage increasing volumes of communications across multiple devices and work together more effectively as teams.
Keep the organization safe
Exchange keeps your organization safe by enabling you to protect business communications and sensitive information and to meet internal and regulatory compliance requirements.
13.
• Use proximity searches to understand context
• Fine tune complex queries
• Get instant statistics
• Query results across Exchange, Lync & SharePoint
• Laser focused refiners to help find the data you need
18. [Architecture diagram. Labels: Internet, Enterprise network, Remote clients & devices, Local clients, PBX, Edge, Layer 4 load balancer, CAS, MBX]
Mailbox Server hosts all components to process, render and store data
26. [Diagram. Labels: Clients, autodiscover.contoso.com, mail.contoso.com, Exchange 2010 Servers (E2010 HUB SP3, E2010 CAS SP3, E2010 MBX), E2013 CAS, E2013 MBX, Intranet site, Internet-facing site – upgrade first. Numbers 1 to 6 in the diagram refer to the steps below.]
1. Prepare
• Install Exchange 2010 SP3 across the ORG
• Prepare AD with Exchange Preview schema
• Validate existing Client Access using Remote Connectivity Analyzer and test connectivity cmdlets
2. Deploy Exchange Preview servers
• Install both Exchange Preview MBX and CAS servers
3. Obtain and deploy certificates
• Obtain and deploy certificates on Exchange Preview Client Access Servers
4. Switch primary namespace to Exchange Preview CAS
• Exchange Preview fields all traffic, including traffic from Exchange 2010 users
• Validate using Remote Connectivity Analyzer
5. Move Mailboxes
• Build out DAG
• Move Exchange 2010 users to Exchange Preview MBX
6. Repeat for additional sites
27. [Diagram. Labels: Clients, autodiscover.contoso.com, mail.contoso.com, legacy.contoso.com, Exchange 2007 Servers (E2007 HUB SP3 RU, E2007 CAS SP3 RU, E2007 MBX SP3 RU), E2013 CAS, E2013 MBX, Intranet site, Internet-facing site – upgrade first. Numbers 1 to 7 in the diagram refer to the steps below.]
1. Prepare
• Install Exchange 2007 SP3 + RU across the ORG
• Prepare AD with Exchange Preview schema and validate
2. Deploy Exchange Preview servers
• Install both Exchange Preview MBX and CAS servers
3. Create legacy namespace
• Create DNS record to point to legacy Exchange 2007 CAS
4. Obtain and Deploy Certificates
• Obtain and deploy certificates on Exchange Preview CAS servers configured with legacy namespace, Exchange Preview namespace, and autodiscover namespace
• Deploy certificates on Exchange 2007 CAS
5. Switch primary namespace to Exchange Preview CAS
• Validate using Remote Connectivity Analyzer
6. Move mailboxes
• Build out DAG
• Move Exchange 2007 users to Exchange Preview MBX
7. Repeat for additional sites
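A check worth running between the certificate step and the namespace switch in the two upgrade paths above: confirm that every new CAS has a valid, IIS-bound certificate covering all of the namespaces clients will use. This is an added example, not part of the original deck; the server names are hypothetical and the namespaces are the ones shown on the slides.

```powershell
# Added example for the Exchange Management Shell.
# Namespaces are taken from the slides; server names are hypothetical.
$requiredNames = 'mail.contoso.com', 'autodiscover.contoso.com', 'legacy.contoso.com'
$casServers    = 'E2013-CAS1', 'E2013-CAS2'

$report = foreach ($server in $casServers) {
    # Only a valid certificate enabled for IIS serves OWA, EWS, ActiveSync and Autodiscover.
    $certs = @(Get-ExchangeCertificate -Server $server |
        Where-Object { "$($_.Services)" -match 'IIS' -and "$($_.Status)" -eq 'Valid' })

    if ($certs.Count -eq 0) {
        # No usable certificate at all: every namespace is uncovered on this server.
        [pscustomobject]@{
            Server     = $server
            Thumbprint = $null
            Expires    = $null
            Missing    = $requiredNames -join ', '
        }
        continue
    }

    foreach ($cert in $certs) {
        $domains = @($cert.CertificateDomains | ForEach-Object { "$_" })
        # A name counts as covered by an exact entry or by a wildcard entry such as
        # *.contoso.com. Note that -like lets "*" span several labels, which real
        # TLS wildcard matching does not; review wildcard hits by hand.
        $missing = $requiredNames | Where-Object {
            $name = $_
            -not ($domains | Where-Object { $name -like $_ })
        }
        [pscustomobject]@{
            Server     = $server
            Thumbprint = $cert.Thumbprint
            Expires    = $cert.NotAfter
            Missing    = $missing -join ', '
        }
    }
}

# An empty "Missing" column on every row means the namespace switch will not
# produce certificate name-mismatch warnings on these servers.
$report | Sort-Object Server | Format-Table -AutoSize
```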
38. [Diagram labels: LB, L7 LB, Ex, CAS, HT, MBX, SAN]
2000/2003
• Role differentiation through manual configuration
• Hardware solutions for "reliability" ($$$$)
2007
• Separate roles for ease of deployment and management segmentation
• Support cheaper storage
2010
• Separate HA solutions for each role
• Introduced the DAG
• Rich management experience using RBAC
• Leaves resources on the ground in each role
2013
• Simplify for scale, balanced utilization, isolation
• Integrate HA for all roles
• Simplify network architecture
46. Legacy Coexistence

| Protocol | E2007 user accessing E2010 namespace | E2007 user accessing E2013 namespace | E2010 user accessing E2013 namespace |
|---|---|---|---|
| Requires | Legacy namespace | Legacy namespace | No additional namespaces |
| OWA | Same AD site: silent or SSO FBA redirect; externally facing AD site: manual or silent/SSO cross-site redirect; internally facing AD site: proxy | Silent redirect (not SSO) to CAS 2007 externally facing URL | Proxy to CAS 2010; cross-site silent redirect (not SSO), which may redirect to CAS 2010 or CAS 2013 |
| Exchange ActiveSync | EAS v12.1+: Autodiscover & redirect; older EAS devices: proxy | Proxy to MBX 2013 | Proxy to CAS 2010 |
| Outlook Anywhere | Direct CAS 2010 support | Proxy to CAS 2007 | Proxy to CAS 2010 |
| Autodiscover | Direct CAS 2010 support | Redirect to CAS 2007 externally facing URL | Proxy to CAS 2010 |
| EWS | Autodiscover | Autodiscover | Proxy to CAS 2010 |
| POP/IMAP | Proxy | Proxy to CAS 2007 | Proxy to CAS 2010 |
| OAB | Direct CAS 2010 support | Proxy to CAS 2007 | Proxy to CAS 2010 |
| RPS | n/a | n/a | Proxy to CAS 2010 |
| ECP | n/a | n/a | Proxy to CAS 2010; cross-site redirect, which may redirect to CAS 2010 or CAS 2013 |
55. [Diagram: Mailbox Transport Pipeline. Labels: SMTP from Transport Service, SMTP to Transport Service, SMTP Receive, SMTP Send, Hub Selector (Router), Store Driver Deliver, Store Driver Submit, MBX Deliver Agents, MBX Submit Agents, MBX Assistants, Mailbox Transport Delivery, Mailbox Transport Submission, MAPI, Mailbox Store]
Ignite is the technical readiness program from the Microsoft Office Division (MOD). Ignite provides deep (level 300) technical training from Microsoft experts to IT Professionals and Developers.
Devices:
• Fast and fluid experience with touch, pen, mouse & keyboard
• Immersive touch-optimized Windows 8 apps
• Support for Mobile Devices
Cloud:
• Office - on demand, roaming & up-to-date
• New cloud app development model
• Enterprise-grade reliability and standards
Social:
• Newsfeeds & microblogging, extend with Yammer
• Pervasive social capabilities across Office
• Multiparty HD video & Skype federation
Control:
• DLP, data retention & unified eDiscovery
• Reimagined deployment model for Office apps
• Common management experience across Office 365
Slide objective: Communicate that Exchange can be deployed in many ways that meet customer needs.
Talking points:
• The key here is that you are in control. Giving customers transparency and options is what we are delivering in the new Exchange.
• This really is the cloud on your terms.
• On-premises deployment provides complete control of your environment and security and more customization.
• Exchange Online can help reduce costs, focus IT on business priorities, and ensure that your users benefit from the latest technology.
• Coexistence capabilities mean that you can mix the two in a hybrid deployment and segment your users to give them the right level of service at the lowest cost.
• All configurations provide the robust messaging capabilities that you expect from Exchange.
The Exchange Administration Center is supported by Role-Based Access Control, or RBAC. RBAC assigns permissions to specific operations with meaning in the organization. RBAC defines who can do what … and where.
RBAC was introduced in Exchange 2010 and replaces the permissions model in previous versions of Exchange.
The RBAC authorization model is centered on the concept of role assignment. A role assignment defines exactly who (a user or a group) can do what, and where (what objects) they can do it to. Your role is defined by what you do: it's an action- or verb-oriented world.
This is a very different model from the AD ACL model, which hinged around the where.
Where: scopes can be filter or OU based; all scopes grant access to included objects; exclusive scopes prevent non-holders from accessing included objects.
• Role groups define high-level job functions
• End-user role assignment policies for self-service
• Assign task-, action- or feature-based permissions
• Delegate multiple roles
• Limit the scope of the role assignment, e.g. "Legal Department" or "Asia Offices"
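The who / what / where model described above, written out as Exchange Management Shell commands. This is an added example, not part of the original deck; every scope, group, OU and account name in it is hypothetical, and the security groups it references are assumed to exist already.

```powershell
# Added example for the Exchange Management Shell. All names are hypothetical.

# WHERE (filter based): only recipients whose Department attribute is "Legal".
New-ManagementScope -Name "Legal Department" `
    -RecipientRestrictionFilter "Department -eq 'Legal'"

# WHO + WHAT + WHERE in one step: members of this role group hold the built-in
# "Mail Recipients" role, but can write only to recipients inside the scope above.
New-RoleGroup -Name "Legal Help Desk" `
    -Roles "Mail Recipients" `
    -CustomRecipientWriteScope "Legal Department" `
    -Members "hd-admin1"

# WHERE (OU based): the same role for another group, limited to one OU.
# "Asia Help Desk" is assumed to be an existing universal security group.
New-ManagementRoleAssignment -Name "Mail Recipients_Asia Help Desk" `
    -Role "Mail Recipients" `
    -SecurityGroup "Asia Help Desk" `
    -RecipientOrganizationalUnitScope "contoso.com/Asia Offices"

# Exclusive scope: as soon as it exists, assignees without an exclusive
# assignment can no longer modify the objects it matches, even if a broader
# regular scope would otherwise include them.
New-ManagementScope -Name "Executive Mailboxes" `
    -RecipientRestrictionFilter "Title -like 'VP*'" -Exclusive -Force

New-ManagementRoleAssignment -Name "Mail Recipients_Executive Admins" `
    -Role "Mail Recipients" `
    -SecurityGroup "Executive Admins" `
    -ExclusiveRecipientWriteScope "Executive Mailboxes"

# Review: who effectively holds the role, through which assignee, and where.
Get-ManagementRoleAssignment -Role "Mail Recipients" -GetEffectiveUsers |
    Select-Object EffectiveUserName, RoleAssigneeName, RecipientWriteScope, CustomRecipientWriteScope |
    Sort-Object EffectiveUserName |
    Format-Table -AutoSize
```

Reviewing the effective-user listing after each change is the quickest way to spot an assignment that was left at organization-wide scope.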
Blocking SPAM
• Top ranked filtering service gets better with faster, more proactive ways of catching and eliminating spam
• New fingerprinting techniques to react faster (in real time; don't have to wait until the user community reports it)
• For example, when we find a bad IP that is sending spam, we'll do more than just block the mail from it: we'll start collecting all of the email from that known bad server and analyzing it to find out characteristics of the spam, so that we can more effectively block it.
International SPAM Support
• Ability to select geo-regions/countries for blocking
• Ability to filter on languages (86 languages supported)
• Geo-region enforcement happens in the Connection Filtering layer
• Language enforcement happens at the Content Filtering layer
Bulk Mail marked as SPAM
• The admin can decide how to classify these types of messages; they will be treated based on your choice of how to manage SPAM.
• Bacn (pronounced like bacon) is email that has been subscribed to and is therefore not unsolicited (like e-mail spam), but is often not read by the recipient for a long period of time, if at all. Bacn has been described as "email you want but not right now."
• Bacn differs from spam in that the recipient has signed up to receive it. Bacn is also not necessarily sent in bulk. Some examples of common bacn messages are news alerts, periodic messages from e-merchants from whom one has made previous purchases, messages from social networking sites, and wiki watch lists.
• The name bacn is meant to convey the idea that such email is "better than spam, but not as good as a personal email".
• Integrated archiving and data hold capabilities
• Centrally managed or user-assigned retention policies
In the new Exchange, the DLP features will support major regulatory requirements out of the box, including PCI DSS. It will also be extensible, allowing admins to install specific templates offered by security partners. For example, a DLP template built by a partner for the German market would take action on email that includes German driver's license numbers.
Talking points
• Exchange gives you the control to manage compliance in order to meet your business and regulatory needs.
• The goal is to help you with accidental data loss. Detect sensitive data before it is sent with built-in templates that filter mail content for PCI DSS, GLBA, and other regulations. Import DLP policy templates from top security partners or build your own.
• Today, it is important to help users do the right thing in a complex world of compliance. Education for users.
• DLP is built upon transport rules (v3). While it was possible to do in Exchange Server 2010 or Exchange Online, now it is packaged, with reporting/charts/classifications, and it is out of the box.
Stories
• When was the last time you saw the employee handbook with all of the regulations on what you were and weren't supposed to do? Most people aren't malicious, but they aren't educated.
More info
Classification
• Scanning will examine both message contents and attachments
• Out-of-the-box classification rules work to detect common types of sensitive data. Actions are built in today (in transport rules). We are adding deep analysis (content inspection).
Policy engine
• Well-defined entities (e.g., CC#, SSN)
• Probabilistic techniques for fuzzy matches (e.g., SOX, medical terms)
• RSA partnership
DLP policy template: logical grouping of classification rules, transport rules, and reporting to achieve an objective
• There will be several templates in the box.
• PII, financial, healthcare (for the type of healthcare issues that HR would deal with. We are not building templates for hospitals, though we enable partners to do that through our extensibility story)
• U.S. and Europe
Custom classification rules
• Fingerprinting for org. documents that share common characteristics (e.g., 1040 form)
• Custom regex and keyword matches
• Office document metadata
Extensibility
• Classification rules: open format for classification rule schema
• ISVs create new packages of classification rules, transport rules, and reporting for specific regulations
Actions
• Built on Exchange Transport Rules; has same actions available
• Supports discovery phase of compliance: two clicks to start monitoring sensitive information
IW Experience
• Contextual education for information workers
• Detect sensitive data in email before it is sent
• Text is customizable by admins from Exchange Admin Center
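The discovery-first rollout these notes describe (a template-based policy, built on transport rules, started in monitoring mode and then moved to user education) looks like this in the Exchange Management Shell. This is an added example, not part of the original deck; the policy and rule names are hypothetical, and the template is located by a name match instead of a hard-coded display name.

```powershell
# Added example for the Exchange Management Shell. Policy and rule names are hypothetical.

# Find the built-in PCI template by name match rather than assuming its exact display name.
$template = Get-DlpPolicyTemplate |
    Where-Object { $_.Name -like '*PCI*' } |
    Select-Object -First 1
if (-not $template) { throw "No PCI DLP policy template is installed on this server." }

# Discovery phase: audit only. Matches are recorded for reporting,
# nothing is blocked and senders see no notification.
New-DlpPolicy -Name "Contoso PCI" -Template $template.Name -Mode Audit -State Enabled

# A DLP policy is a group of transport rules, so a custom rule can be attached to it.
# This one flags any message leaving the organization that contains at least one
# credit card number, using the built-in data classification of that name.
New-TransportRule -Name "Contoso PCI: card numbers leaving the organization" `
    -DlpPolicy "Contoso PCI" `
    -Mode Audit `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @{ Name = "Credit Card Number"; minCount = "1" } `
    -SetAuditSeverity High `
    -NotifySender NotifyOnly

# After reviewing the audit data for false positives, move the policy to the
# education phase so senders are notified before the message goes out.
Set-DlpPolicy -Identity "Contoso PCI" -Mode AuditAndNotify

# Confirm what is actually in effect for every rule in the policy.
Get-TransportRule -DlpPolicy "Contoso PCI" |
    Format-Table Name, Mode, State, Priority -AutoSize
```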
Situation
With the explosive growth of compliance requirements both inside and outside organizations, compliance has become everyone's responsibility. Neither the IT department nor the legal and compliance departments can keep tabs on all of the information that is exchanged in the ordinary course of business. Organizations need tools that enable self-service and automated compliance wherever possible.
Talking points
• There is a solid partnership between the teams. We all work together now.
• Perform unified searches regardless of document type or location, across Exchange, SharePoint, Lync, and file shares.
• Search and view content by project, legal matter, or business context.
• Save money when there is a litigation need by producing results quickly and efficiently.
• Provide native safety for messaging content.
• This is an evolution of our compliance (v3) and search infrastructure (FAST)
• Data stays where it lives (In-Place) where it has the most relevance.
• Separate HA solutions for each role
• Introduced the DAG
• Rich management experience using RBAC
• Support for Hybrid deployments
Exchange Building Block Model: The Exchange building block model simplifies Exchange deployments at all scales, standardizes high availability and client load balancing, and improves cross-version interoperability. As an IT administrator, your focus is not necessarily backups, monitoring or disaster recovery. Your focus is to help keep your service available for your business. We have created a system that:
• Is flexible and efficient to allow deployment on a wide range of hardware
• Enables large, low cost mailboxes, but
• Provides a single solution for high availability, business continuity, data protection and backups
• Helps isolate failures with built in monitoring and availability management
• Helps you reduce risk and focus on your business
In the new version of Exchange we envision two basic building blocks within Exchange: the Client Access Server, or CAS, and the Mailbox Server. CAS is comprised of two components: client protocols and SMTP. A CAS array is a series of thin servers that are stateless from a protocol session perspective. Because they are stateless, they do not require session affinity or layer 7 load balancing. They are designed to work with TCP affinity or layer 4 load balancing, which is protocol unaware. This is important because it provides flexibility and choice with respect to load balancing and high availability. It increases the capability/utilization of the LB, as you won't have to do SSL processing, session cookie processing, etc.; it reduces complexity and cost.
CAS has the logic to route all protocol requests to the correct back end or mailbox server, even older versions of Exchange. It is domain joined, meaning it is not an edge or gateway server.
From a functionality perspective, we want to avoid dependencies between CAS and MBX so that the two can be upgraded independently and can interact across versions, which is critical to making the upgrade/coexistence story simple and flexible for customers. In terms of deployment flexibility this also means that there is no expectation that CAS needs to be in the same location as MBX in Exchange. Many customers will have them in the same sites, but some large organizations may want the flexibility to consolidate CAS or consolidate MBX.
Meanwhile, the mailbox servers host all components that process, render and store data (RPC CA, OWA, RPC proxy, transport, UM, etc.). Clients do not connect directly to MBX servers; connectivity is through CAS. MBX servers are the evolution of what we provided in Exchange 2010 with a DAG; a collection of these servers forms an HA unit.
• Earlier versions of Mac Outlook clients used WebDAV; the EWS versions of Entourage/Outlook for Mac are needed.
• Exchange Server 2003 coexistence is blocked by Exchange 2013 setup; this is not a supported scenario.
Exchange continues to support the non-standard DNS namespaces due to Windows support for these namespaces.
Windows Server 2012 includes several prereqs, not additional downloads like on Windows 2008 R2:
• PowerShell v3.0
• .NET Framework 4.5
Exchange 2013 includes the 5 / 100 database limit for Exchange Standard and Exchange Enterprise, same as Exchange 2010.
Windows Management Framework 3.0
• Includes Remote Management and PowerShell v3.0
UCMA v4.0 includes new speech engine
With Exchange 2013 Preview, you need to install MBX first. MBX first is a recommendation. CAS is just a stateless protocol proxy: no business logic, no APIs, no objects to work with. So if Exchange 2013 CAS is installed first, it cannot be configured because there are no configuration objects, and it cannot be manipulated because there is no business logic. You can do CAS first instead of MBX first, but MBX first is recommended. Or install a multirole server first.
• Test legacy namespace creation with HOSTS files
• Layer 7 load balancers are no longer required for primary Exchange 2013 namespace
• Session affinity is not required for Exchange 2013
• Layer 4 is supported and recommended
• Performs service health awareness
• Load balancing of the CAS servers
There are no longer any HT servers. Edge is version 2010. From now on, updating targets the mailbox servers, not necessarily the CAS array.
UM is the only role that communicates directly with the Mailbox server.
Inbound emails from external SMTP are received by the Receive Connector (SMTP Receive) on the Hub Transport Service. SMTP Receive performs connection filtering, recipient filtering and sender filtering through the Protocol Agent, and the emails are delivered to the Hub Selector. The Hub Selector uses the delivery groups to find where to deliver the emails based on the recipient, and the emails are sent to the SMTP Send component on the Front End Transport Service.
Because a PF is a single mailbox (primary), mailbox fault-tolerance features apply to it (DAG?). http://www.msexchange.org/articles_tutorials/exchange-server-2013/planning-architecture/exchange-2013-preview-public-folders-part1.html
The old PF concept still works; the migration must be planned!