Exchange Server 2010 Upgrade and Deployment Meelis Nigols koolitaja IT Koolitus

New from Exchange Server 2003 to Exchange Server 2007 Shift from front-end/back-end to a scalable role-based architecture 64-bit server support Active Directory Sites replace Routing Groups Autodiscover to automatically configure users Removes Outlook need for Public Folders − Availability Service: Free/Busy information read direct from mailboxes, not from Public Folders − Offline Address Book download from Client Access Server New admin tools Unified Messaging: Get voice mail in your inbox New Developer API: Exchange Web Services (EWS)

New from Exchange Server 2007 to Exchange Server 2010 Flexible deployment choices − Run Exchange Server on-premises, use Exchange Online, or a hybrid approach High Availability solution for mailbox resiliency − Comprised of database availability group and database copies − Provides site resilience and disaster recovery − 30-second switchover/failover with simplified admin experience − Improves the flexibility in storage choices (SATA disks, JBOD configurations, etc.) − Replaces SCR, LCR, SCC, and CCR from E bit management tools support RPC client access and Address Book services − Improved High Availability solution − Outlook MAPI connects directly to Client Access Servers for mailbox-related data and directory requests ExOLEBD, WebDAV, and CDOEx are gone − “Entourage EWS” uses EWS

Collaborate Effectively A familiar and rich Outlook experience across clients, devices, and platforms

Exchange Server 2010 Prerequisites Active Directory Windows 2003 SP2 global catalog server is installed in each Exchange Active Directory (AD) site − No hard requirement for Windows Server 2008 AD Windows Server 2003 forest functional level Exchange All Client Access Servers (CAS) and Unified Messaging (UM) servers must have SP2 Existing servers are Exchange 2003 SP2 or Exchange 2007 SP2 Server Windows Server 2008 SP2 or R2 64-bit editions (Std/Ent) Windows Management Framework.NET Framework 3.5 SP1 Internet Information Services (IIS)

Starting Setup for Exchange 2010 Step-by-step instructions in setup app Setup.com with parameters gives unattended setup Setup provides specific settings for configuring your environment Configure CAS External domain name − Sets ExternalUrl property which aids client configuration E2003 routing group connector: E2003 server

Outlook Web Access − /owa Exchange Web Services − /ews Offline Address Book − /oab Unified Messaging − /unifiedmessaging Outlook Mobile Access − /oma Outlook Web Access Outlook Web App Exchange Control Panel − /ecp Unified Messaging − /unifiedmessaging Namespaces and URLs Outlook Web Access − /exchange, /exchweb, /public Exchange ActiveSync − /microsoft-server- activesync Outlook Anywhere − /rpc POP/IMAP Outlook Mobile Access − /oma Clients and SMTP servers Autodiscover /autodiscover E2003/E2007 services

Deploying SSL Certificates Use “Subject Alternative Name” (SAN) certificate which can cover multiple hostnames Site resilience scenario − If leveraging a certificate per datacenter, ensure that the Certificate Principal Name is the same on all certificates Don’t list machine hostnames in certificate hostname list − Use Load Balance (LB) arrays for intranet and Internet access to servers Best practice: Minimize the number of certificates − 1 certificate for all CAS servers + reverse proxy + Edge/Hub − Additional certificate(s) if using Office Communications Server (OCS)

New-ExchangeCertificate -GenerateRequest -Path c:\certificates\request.req -SubjectName “c=US, o=contoso Inc, cn=mail1.contoso.com” -DomainName mail.contoso.com, autodiscover.contoso.com, legacy.contoso.com -PrivateKeyExportable $true Certificate Creation 1. Create a Certificate Request file 2. Send Request file to certificate authority you are buying from 3. Use Import- ExchangeCertificate to activate newly acquired certificate 4. Use Enable- ExchangeCertificate to enable the certificate for use with a particular service

Deploying E2010 Best Practice: Use “Split DNS” for Exchange hostnames used by clients Goal: Minimize number of hostnames − mail.contoso.com for Exchange connectivity on intranet and Internet − mail.contoso.com has different IP addresses in intranet/Internet DNS Important: Before moving down this path, be sure to map out all the hostnames (outside of Exchange) that you will want to create in the internal zone Topology Decisions—Split-brain DNS

Deploying Exchange 2010 OWA and EWS load balancing require Client  Server affinity − Client-IP based Windows NLB or LB device using cookie-based affinity Tell Autodiscover where to send clients: Configure internalURL and externalURL parameters and virtual directories − Example: Set-WebServicesVirtualDirectory cas2010\ews* - ExternalURL Tell Outlook clients where to go for intranet MAPI access − Use New-ClientAccessArray and set-mailboxdatabase Topology decisions—CAS load balancing

Deploying Exchange 2010 CAS AutoDiscoverServiceInternalUri property should be set to NLB FQDN Ensure the Web Services property InternalNLBBypassURL is set to the Server FQDN Configure virtual directory URLs according to this table:

Upgrading to Exchange 2010 Proxy Internet Facing AD Site Internal AD Site Internet Internet hostname switch Unified Messaging switch SMTP switch SSL cert purchase End users don’t see this hostname Used when new CAS tell clients to talk to legacy environments Start small Gradually add more servers to support scale E200x Servers

Preparation Tools Finding and solving problems before users do Verify Internet-facing services are set up and configured properly Help determine the cause of performance, mail flow, and database issues Simulate and test how a server responds to loads Determine overall health of Exchange system and topology

Switching to CAS Obtain and deploy a new certificate that includes the required host name values a. mail.contoso.com b. autodiscover.contoso.com c. legacy.contoso.com 2. Upgrade all Exchange servers to Service Pack 2 a. Enable Integrated Windows Authentication on Exchange 2003 MSAS virtual directory (KB ) 3. Install and configure CAS2010 servers a. Configure InternalURLs and ExternalURLs b. Enable Outlook Anywhere c. Configure the Exchange2003URL parameter to be Preparatory steps

Switching to CAS Join CAS2010 to a load balanced array a. Create CAS2010 RPC Client Access Service array b. Ensure MAPI RPC and HTTPS ports are load balanced 5. Install HUB2010 and MBX2010 servers a. Configure routing coexistence b. Configure OAB Web-based distribution 6. Create Legacy record in DNS (internal/external) 7. Create Legacy publishing rules in your reverse proxy/firewall solution pointed to FE2003 / CAS2007 array 8. Use ExRCA to verify connectivity for Legacy namespace Preparatory steps, continued

Switching to CAS2010 The switchover involves a minor service interruption 1. Update internal DNS and have Mail and Autodiscover point to CAS2010 array 2. Update/Create Autodiscover publishing rule and point to CAS2010 array 3. Update Mail publishing rules and point to CAS2010 array a. Remember to update paths with new Exchange 2010 specific virtual directories 4. Reconfigure CAS2007 URLs to now utilize Legacy namespace 5. Disable Outlook Anywhere on legacy Exchange 6. Test that CAS2010 is redirecting/ proxying to CAS2007 (externally and internally) ISA E200x SP2 E2010 CAS+HUB+MBX autodiscover… mail… Clients access E2010 through Autodiscover… and mail… Redirection (legacy…), proxying, and direct access to E2003/E legacy… The switchover

Client Access Upgrade Clients access CAS2010 first Four different things happen for E2003/ E2007 mailboxes 1. Autodiscover tells clients to talk to CAS HTTP redirect to FE2003 or CAS Proxying of requests from CAS2010 to CAS Direct CAS2010 support for the service against BE2003 and MBX2007

Step 5: Switch Internet submission to Edge 2010 SMTP Transport Upgrade E2003 Bridgehead E2003 Back-End E2010 HUB E2010 MBX E2007 HUB E2007 MBX E2010 Edge E2007 Edge Internet SMTP Servers Step 1: Upgrade existing E2003 and E2007 servers to SP2 Step 2: Install HUB and MBX 2010 Step 3: Switch Edgesync +SMTP to go to HUB2010 Step 4: Install Edge 2010

Unified Messaging Upgrade

Public Folders Co-existence support between mailbox server 2010 and mailbox server 2003/2007 Outlook can read mailbox from one Exchange version (such as 2010) and public folder from another (such as 2003/2007) OWA 2010 will allow access to public folders with replica in mailbox server 2010 Get-PublicFolderStatistics help take action − Move − Delete − Migrate to SharePoint

Service Level Agreement 1GB mailbox could take 90 minutes or more to move − Pain: User is disconnected for the duration − Pain: Your SLA for availability is not met Service availability during migration

Client Mailbox Server 1Mailbox Server 2 Client Access Server Online Move Mailbox Minimal disruption

Key Takeaways Exchange 2007 Service Pack 2 introduces new functionality and is required for coexistence with Exchange 2010 Upgrading server roles is seamless and without impact to end users Online mailbox moves improves mailbox data migration by significantly reducing the user outage window

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Forefront, Outlook, Windows, Windows Mobile, Windows Server, and other product names are or may be registered trademarks and/or trademarks of Microsoft Corporation in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.