The new version, Exchange Server 2013, brings a great many new features. In this session we will look at a selection including, among others: eDiscovery, DLP (Data Loss Prevention), the new site mailboxes, the new Exchange administration console, the new Outlook Web App and its offline mode, touch support in Outlook, support for web applications in Outlook, and more.
3. [Slide: timeline of Exchange milestones. Dates shown: May 1997, Nov. 1997, Dec. 2001, Mar. 2004, Dec. 2006, Nov. 2008, Nov. 2009. Labels: the cloud the way you want it; antispam protection; high availability, mission critical; voicemail in your mailbox; email on a phone; email in a browser; large mailboxes at low cost.]
9. [Slide: evolution of the Exchange architecture.]
2013: simplification of the architecture.
2010: introduction of the DAG; RBAC; consolidation of roles; layer 7 HLB (CAS, HT, MBX).
2007: supports cheaper storage; continuous replication; separate roles.
2000/2003: manual configuration of roles; hardware dependency for high availability.
Other diagram labels: LB, L7 LB, Ex, SAN.
12. [Slide diagram: two servers, Server1 (Vn) and Server2 (Vn+1), each drawn as three layers. Protocols, Server Agents: EWS, RPC CA, Transport, Assistants, MRS, MRSProxy. Business Logic: XSO, MailItem, Other API, CTS. Storage: Store, ESE, Content Index, File System. Links between the two servers: SMTP, MRS proxy protocol, EWS protocol, Custom WS. Label: "Forbidden" (E2010).]
13. [Slide diagram: client connectivity in Exchange 2013. Clients: OWA, Outlook, EAS, EAC, PowerShell, SBC, AP. Protocols: HTTP; POP, IMAP; SMTP; SIP + RTP; SIP Redirect. Front end: Layer 4 LB. CAS 2013: IIS, HTTP Proxy, POP, IMAP, SMTP, UM. MBX 2013: IIS, RpcProxy, RPC CA, RPS, OWA, EAS, EWS, ECP, OAB, POP, IMAP, Transport, UM, MDB, Mail Q.]
14. [Slide diagram: geographic DNS solution. mail.contoso.com maps to VIP #1, VIP #2, VIP #3 and VIP #4 across the datacenters NA-DC1, NA-DC2, APAC-DC1 and APAC-DC2, with two DAGs. Two clients are shown, Sue (NA) and Sue (travelling in Asia); for each: DNS resolution via Geo-DNS, then round-robin across the number of VIPs.]
16. Exchange 2013 storage:
• 99% reduction in IOPS compared to Exchange Server 2003
[Slide diagram labels: Storage Area Network (SAN); Direct Attached w/ SAS Disks; JBOD (RAID-less); SATA Disks.]
A few looks back at the past to measure how far we have come…
In 1996, the LDAP-compatible directory of Exchange 4.0 became… Active Directory: the cornerstone, the backbone of the entire information system.
Email in a browser: dates from May 1997, with Exchange 5.0; its name at the time was Exchange Web Access.
The arrival of high availability: November 1997, with Exchange 5.5, a legendary version!
Email on your phone (smartphone): 2001, with Exchange ActiveSync. De facto standard. iOS, Symbian, Windows Mobile, Phone…
Fighting spam: Intelligent Message Filter (2004, then integrated into Exchange 2003).
Voicemail, x64 support, RBAC: December 2006.
Support for large mailboxes: 2009, with Exchange 2010 and storage (JBOD SATA, etc.).
Exchange ActiveSync: Exchange is the de facto standard of mobile messaging. The world turns to Exchange for getting email on a phone. Competitors needed to license our technology.
Red blinking light: Do you remember a world where voicemail messages caused a red blinking light on your desk phone? Do you remember how difficult it was to check the message (the number sequences dance)?
Low-cost, massive mailboxes: Do you remember a world before large mailboxes? You’d spend hours a week worrying about quota instead of getting your work done so that you could go home to your family and friends.
Compete: Around the time that we were bringing voicemail in, Google was creating an inbox.
Let’s show you how the world is evolving and some of the great new features and benefits that the new Exchange brings.
More data points
• Online directory service that was robust and flexible: the LDAP-compliant directory from Exchange Server 4.0 became Active Directory (Exchange, 1996)
• Email on a browser (May 1997, Exchange 5.0): Exchange Web Access
• Mission-critical application (November 1997, Exchange 5.5): high availability
• Email on a phone (2001): Exchange ActiveSync
• Spam: Intelligent Message Filter (2004, then incorporated into Exchange 2003)
• Voicemail / x64 support / Role-Based Access Control (December 2006)
• Large mailboxes (November 2009)
Before each product launch, the product groups analyse the major market trends well in advance so that, 3 years later,
1) Proliferation of devices: more and more devices, more and more form factors (PCs, hybrids, tablets and smartphones). Touch support (which we are going to show you) implies interface changes. Support for more and more mobile devices.
2) Cloud: this version, Exchange 2013, has a history: it is the Exchange teams who run Office 365! They ran it on Exchange 2010 and experienced first-hand the problems of scaling up to several million mailboxes. Alert escalations, etc… As a result, Exchange 2013 was developed to …
Devices:
• Fast and fluid experience with touch, pen, mouse & keyboard
• Immersive touch-optimized Windows 8 apps
• Support for mobile devices
Cloud:
• Office: on demand, roaming & up-to-date
• New cloud app development model
• Enterprise-grade reliability and standards
Social:
• Newsfeeds & microblogging, extend with Yammer
• Pervasive social capabilities across Office
• Multiparty HD video & Skype federation
Control:
• DLP, data retention & unified eDiscovery
• Reimagined deployment model for Office apps
• Common management experience across Office 365
Slide objective
Communicate that the new Exchange can help organizations and users be more productive by providing them an intuitive and powerful way to access their Inbox.
Talking points
Exceed the expectations of the current and next generation of workers with a clean, professional user experience. The design will allow for incredible accessibility across devices, allowing you to always stay up to date on not only your email but your projects as well.
Animations show just how thoughtful the design is. Even little details like zooming into a calendar as the view changes from a month to a week.
The new Exchange will enable you to coauthor a document stored in SharePoint from Outlook via Site Mailboxes. Enabling users to work the way they are most comfortable enables them to be more efficient and productive, while retaining important company information in SharePoint.
• Streamlined user interface puts content first to help you stay on task
• Action at your fingertips with Quick Actions, Peeks and Inline Reply
• Drag and drop items across folders, mailboxes, and archives to ensure users stay productive
Stories: Think about how you manage Outlook today.
Site mailboxes:
• Associates an Exchange mailbox with a SharePoint site
• Enables users to access SharePoint and Exchange content from Outlook
• Drag and drop items from email messages (for instance an attachment) directly into a site mailbox
Stories: Think about how you manage projects today. You may use SharePoint for documents, Exchange for individual emails, and something else for group emails. How do you get from email to SharePoint? We are building the best collaborative user experience between email and documents.
Slide objective
There is a wealth of data in your inbox. Then there is data in other applications that relates to this data. The new Exchange puts it together in a usable and manageable way.
Story
Think about your current workflow when you have a new business contact/partner/client, etc., say Bob@externalcompany.com. You usually only have an email address with a name associated to it, perhaps a little more context if you email various sources. Prior to your meeting, it would be great to know details about his insights and perhaps some of the company’s past history. This will help gauge the correct level of presentation. With the new Exchange, your admin (or you, if they desire) can install a CRM application directly into Outlook and OWA so you get this information in context. The information exists, and it is right in front of you. The new Exchange helps you make it usable. We can make that experience better and give the developer and partner community a chance to promote/sell this.
Talking points
• Extend browser-based, single sign-on simplicity for multiple applications.
• Use extensions to create an integrated, customized experience that brings all the apps people need together in one place.
• Give users access to the right applications with privacy and deployment scopes so that you can give people precisely the functionality they need without added risk.
Situation
Employees wonder why they can’t get large (multi-gigabyte) storage limits for their work email like they can for their personal email accounts (Hotmail, Yahoo, Google, etc.). Exchange Server 2007 enabled organizations to deploy new storage configurations (direct attached storage) and offer larger mailboxes to their employees. Storage costs still remain a major expense in most Exchange environments.
Slide objective
Emphasize that Exchange 2010 provides administrators unprecedented flexibility in choosing a storage architecture.
Talking points
Exchange 2010 includes improvements to performance, reliability, and high availability that enable a wide range of storage options, including SAN, DAS, cheaper SATA disks and JBOD (RAID-less) configurations.
Exchange 2010 delivers a 70% reduction in disk IO from Exchange 2007 levels, lowering the bar for minimum disk performance required to run Exchange. IO patterns are optimized so that disk writes are less bursty and more suitable for SATA (desktop class) disks. SATA optimization is about using cheaper “good enough” disks.
Exchange 2010 is more resilient to storage problems. When corruption is caused by minor disk faults, Exchange automatically repairs the affected database pages using one of the database copies configured for high availability.
When Exchange 2010 is deployed with 3+ database copies, these low-level performance improvements enable the use of RAID-less / JBOD storage.
The Exchange Administration Center is supported by Role-Based Access Control, or RBAC. RBAC assigns permissions to specific operations with meaning in the organization. RBAC defines who can do what … and where.
RBAC was introduced in Exchange 2010 and replaces the permissions model in previous versions of Exchange.
The RBAC authorization model is centered on the concept of role assignment. A role assignment defines exactly who (a user or a group) can do what, and where (what objects) they can do it to. Your role is defined by what you do – it’s an action or verb oriented world. This is a very different model from the AD ACL model, which hinged around the where.
Where: Scopes can be filter or OU based; all scopes grant access to included objects; exclusive scopes prevent non-holders access to included objects.
• Role groups define high level job functions
• End user role assignment policies for self-service
• Assign task, action or feature-based permissions
• Delegate multiple roles
• Limit the scope of the role assignment, e.g. “Legal Department” or “Asia Offices”
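The who / what / where model described above, written out in the Exchange Management Shell as an added example (it is not part of the original deck). The scope name reuses the slide's "Legal Department"; the role group name, the member alias and the Department filter value are hypothetical.

```powershell
# Added example; run in the Exchange Management Shell (Exchange 2010 / 2013).
# Hypothetical names: role group 'Legal Helpdesk', member 'sue', Department value 'Legal'.

# WHERE: a filter-based scope that covers only recipients in the Legal department.
New-ManagementScope -Name 'Legal Department' `
    -RecipientRestrictionFilter "Department -eq 'Legal'"

# WHO + WHAT: a role group (a job function) holding two built-in management roles.
# Passing the scope here stamps it on every role assignment the group receives,
# so members can only modify recipients that match the filter above.
New-RoleGroup -Name 'Legal Helpdesk' `
    -Roles 'Mail Recipients', 'Distribution Groups' `
    -CustomRecipientWriteScope 'Legal Department' `
    -Members 'sue'

# Review: one row per role assignment, with the role and its write scope.
Get-ManagementRoleAssignment -RoleAssignee 'Legal Helpdesk' |
    Format-Table Name, Role, RecipientWriteScope, CustomRecipientWriteScope -AutoSize

# Least-privilege audit: every user who ends up holding 'Mail Recipients',
# through any role group, and the scope it applies in. Holders without a custom
# scope show a RecipientWriteScope of Organization and deserve a second look.
Get-ManagementRoleAssignment -Role 'Mail Recipients' -GetEffectiveUsers |
    Sort-Object EffectiveUserName |
    Format-Table EffectiveUserName, RoleAssigneeName, RecipientWriteScope,
        CustomRecipientWriteScope -AutoSize
```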
The Exchange Administration Center is powerful and feature rich, and it’s easily accessible because it’s web-based and supports the most popular browsers. Because it’s web-based, it’s streamlined with great performance. And it can decrease downtime and service interruptions from patching and tool update needs because you won’t need to download, manage and patch a separate tool from the rest of the service.
Role-Based Access Control, or RBAC, allows you to scope permissions and tasks to sets of users, which are rendered in the EAC. EAC is built on Windows PowerShell. Your advanced Exchange administrators will still be able to take actions with cmdlets through remote PowerShell or script routine tasks.
EAC has the same dynamic search capabilities as the rest of Exchange, so you can easily query for something you’re looking for.
Local Health Manager: A managed availability component on an Exchange server that monitors the state of its health by probing to measure a user experience through synthetic transactions, performing system checks to measure traffic and failure thresholds through performance counters, and taking action to restore services or prevent failures. Alerts are sent using System Center. SCOM is the portal for notifications. In other words, “Stuff breaks but the experience doesn’t have to.”
Infrastructure includes four key components:
• Probes – synthetic transactions that perform tasks and look at performance counters, events, etc.
• Monitors – similar to a monitor in SCOM in that it initiates an action if certain criteria are met. The action may be to recover, or to escalate to an administrator by throwing an alert
• Notifications – a means by which the system/admin can override the probe and trigger an immediate response
• Recover service – process by which recovery or repair is performed to restore service or prevent failure (e.g., restart service or application pool, perform a failover, bugcheck the OS, etc.)
Situation: Leakage or loss of data through email is a growing risk and concern for many organizations today – because of regulations, breaches of trust or loss of business critical information. Exchange’s approach to the problem is to provide a range of soft and hard controls.
Talking points:
Flexible solution:
• Customers have differing needs – the solution needs to be flexible
• Within a given organization, different types of data and different parts of the company require different levels of enforcement
Protect against loss without getting in users’ way:
• Attempts to implement policy can’t get in the way of business processes, or these will fail
Exchange has been making investments in this area for the last few releases:
• Transport rules in Exchange 2007
• Transport rules + rights protection in Exchange 2010
• MailTips in Exchange 2010 / Outlook 2010 (alert user before the email is sent) – “Bob Jones is outside of your organization”
• Actions are built in today already (as part of transport rules) – block, monitor, RMS protect, etc.
In Exchange 2013 we build on this foundation and bring full DLP to the product.
• Integrated archiving and data hold capabilities
• Centrally managed or user assigned retention policies
In the new Exchange, the DLP features will support major regulatory requirements out of the box, including PCI DSS. It will also be extensible, allowing admins to install specific templates offered by security partners. For example, a DLP template built by a partner for the German market would take action on email that includes German driver’s license numbers.
Provide granular information about corporate policies at the right time, while not getting in the way of doing business.
Talking points
Exchange gives you the control to manage compliance in order to meet your business and regulatory needs.
The goal is to help you with accidental data loss. Detect sensitive data before it is sent with built-in templates that filter mail content for PCI DSS, GLBA, and other regulations. Import DLP policy templates from top security partners or build your own.
Today, it is important to help users do the right thing in a complex world of compliance. Education for users.
DLP is built upon transport rules (v3). While it was possible to do in Exchange Server 2010 or Exchange Online, now it is packaged, with reporting/charts/classifications, and it is out of the box.
Stories
When was the last time you saw the employee handbook with all of the regulations on what you were and weren’t supposed to do? Most people aren’t malicious, but they aren’t educated.
More info
Classification
• Scanning will examine both message contents and attachments
• Out-of-the-box classification rules work to detect common types of sensitive data. Actions are built in today (in transport rules). We are adding deep analysis (content inspection)
Policy engine
• Well-defined entities (e.g., CC#, SSN)
• Probabilistic techniques for fuzzy matches (e.g., SOX, medical terms)
• RSA partnership
DLP policy template: logical grouping of classification rules, transport rules, and reporting to achieve an objective
• There will be several templates in the box
• PII, financial, healthcare (for the type of healthcare issues that HR would deal with. We are not building templates for hospitals, though we enable partners to do that through our extensibility story)
• U.S. and Europe
Custom classification rules
• Fingerprinting for org. documents that share common characteristics (e.g., 1040 form)
• Custom regex and keyword matches
• Office document metadata
Extensibility
• Classification rules: open format for classification rule schema
• ISVs create new packages of classification rules, transport rules, and reporting for specific regulations
Actions
• Built on Exchange Transport Rules; has same actions available
• Supports discovery phase of compliance: two clicks to start monitoring sensitive information
IW experience
• Contextual education for information workers
• Detect sensitive data in email before it is sent
• Text is customizable by admins from Exchange Admin Center
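The discovery-first rollout described above (a DLP policy template, built on transport rules, started in monitoring mode), as an added Exchange Management Shell example that is not part of the original deck. The policy name and rule name are hypothetical; the template is looked up by name match rather than assumed.

```powershell
# Added example; run in the Exchange Management Shell (Exchange 2013).
# Hypothetical names: policy 'Contoso PCI' and the rule name further down.

# List the in-box templates and pick the PCI DSS one by name match,
# instead of hard-coding its display name.
$template = Get-DlpPolicyTemplate |
    Where-Object { $_.Name -like '*PCI*' } |
    Select-Object -First 1

# Discovery phase: create the policy in Audit mode. Matches are recorded,
# nothing is blocked and senders see no Policy Tip yet.
New-DlpPolicy -Name 'Contoso PCI' -Template $template.Name -Mode Audit -State Enabled

# A DLP policy is a package of transport rules: list what the template created.
Get-TransportRule -DlpPolicy 'Contoso PCI' |
    Format-Table Name, Mode, State -AutoSize

# An extra rule inside the same policy: card numbers leaving the organization.
# 'Credit Card Number' is one of the built-in sensitive information types.
New-TransportRule -Name 'Contoso PCI: card numbers to external recipients' `
    -DlpPolicy 'Contoso PCI' `
    -Mode Audit `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @{ Name = 'Credit Card Number'; minCount = '1' } `
    -NotifySender NotifyOnly `
    -SetAuditSeverity High

# Once the audit data has been reviewed for false positives, move the policy
# on to the "educate the user" stage. Enforce is the last step, not the first.
Set-DlpPolicy -Identity 'Contoso PCI' -Mode AuditAndNotify
```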
Situation
With the explosive growth of compliance requirements both inside and outside organizations, compliance has become everyone’s responsibility. Neither the IT department nor the legal and compliance departments can keep tabs on all of the information that is exchanged in the ordinary course of business. Organizations need tools that enable self-service and automated compliance wherever possible.
Talking points
There is a solid partnership between the teams. We all work together now.
• Perform unified searches regardless of document type or location, across Exchange, SharePoint, Lync, and file shares.
• Search and view content by project, legal matter, or business context.
• Save money when there is a litigation need by producing results quickly and efficiently.
• Provide native safety for messaging content.
This is an evolution of our compliance (v3) and search infrastructure (FAST).
Data stays where it lives (In-Place), where it has the most relevance.