Overview of Server Roles in Exchange Server 2010 In Exchange Server 2010, servers are installed with specific functional roles: Mailbox Server role Edge Transport Server role Client Access Server role Unified Messaging Server role Hub Transport Server role

Enterprise Level Fault Tolerance Database Availability Groups SAN hosted Databases Personal Archives of PST files Shadow Redundancy Centralized access through Client Access Server arrays allow hardware load balancing

What Is a Database Availability Group? A DAG is a collection of servers that provides the infrastructure for replicating and activating database copies. DAGs: Require the failover clustering feature, although all installation and configuration is done with the Exchange Server management tools Use Active Manager to control failover Use an enhanced version of the continuous replication technology that Exchange Server 2007 introduced Can be created after the Mailbox server is installed Allow a single database to be activated on another server in the group without affecting other databases Allow up to 16 copies of a single database on separate servers Define the boundary for replication

What Is Active Manager? Active Manager: Runs a process on each server in the DAG One node is the Primary Active Manager Remaining nodes are Secondary Active Managers Manages which database copies are active and which are passive Stores database state information Manages database switchover and failover processes Does not require direct administration configuration

How Are Databases Protected in a DAG? DB4 DB2 DB3 DB1 DB2 DB4 DB2 DB3 Continuous replication protects databases across servers in the DAG

Understanding the Failover Process If a failure occurs, the following steps occur for the failed database: Active Manager determines the best copy to activate The replication service on the target server attempts to copy missing log files from the best “source”: If successful, the database mounts with zero data loss If unsuccessful (failover), the database mounts based on the AutoDatabaseMountDial setting The mounted database generates new log files (using the same log generation sequence) Transport dumpster requests are initiated for the mounted database to recover lost messages When original server or database recovers, it determines if any logs are missing or corrupt, and fixes them if possible

How Personal Archives Work in Exchange Server 2010 The Personal Archive: Must be in the same mailbox database as the primary mailbox Appears as a folder in Outlook 2010 or Outlook Web App Is indexed and searchable Is not cached in Outlook Can be managed using messaging records management policies Exchange Server 2010 Personal Archives require a secondary or archive mailbox for the user Personal Archives can help organizations meet legal and corporate requirements by ensuring that all messages are stored in an Exchange server mailbox

Disaster Mitigation Options in Exchange Server 2010 Risk Mitigation Option Loss of a message Configure recoverable items folder and deleted item retention settings Recover messages from backup by using the recovery database Loss of a mailbox Configure and use mailbox retention settings Configure hold policy, and recover it Back up the Exchange Server data, and recover database to a recover database Loss of a database or server Create a DAG on another server Recover the server from backup Install Exchange with /m:RecoverServer option Logical corruption in the database Create a lagged database copy in a DAG environment Backup the Exchange Server data, and recover database

Disaster Recovery Options for Mailbox Servers Exchange Server 2010 provides the following disaster recovery features for Mailbox servers: Disaster recovery with DAGs Point-in-time database snapshot with lagged copy of DAG Mailbox servers in a DAG can host other server roles Recovery database to recover mailboxes, folders, or items Lower cost of DAG backup compared to existing backup

What Is Database Mobility? To move a mailbox database to another server: Perform a soft recovery on the database Create the destination mailbox database Move the database files and mount the database Reconfigure the user mailboxes Database mobility enables you to move mailbox databases between Mailbox servers

High Availability Solution for Mailbox Servers Mailbox data high availability: Single database failover Requires failover clustering feature Allows up to 16 copies of each database Allows up to 14 days for lag copies Public Folder high availability: Leverages Public Folder replication Is similar to previous Exchange Server versions

What Is the Transport Dumpster? The transport dumpster: Protects against Mailbox server failures when transaction logs have been lost Keeps copies of all messages delivered in the transport queue (mail.que) until the transaction logs have replicated to all servers in the DAG, or until the maximum dumpster size is reached Redelivers missing messages when a failure occurs

Transport server delays message deletion until it verifies that the message has been delivered past the next hop How Shadow Redundancy Provides High Availability for Hub Transport Servers Hub External SMTP Mail Server Edge2 Edge1

Exchange 2010 integration with the Cloud Integrates with Office 365 On Premise Mailbox server with: – Hosted Client Access Server – Hosted Hub Transport Server – Hosted Lync Server uses on-premise mailbox DB

Options for Integrating Exchange Server 2010 and Exchange Online Services Exchange Online Services: Enables and calendar functionality hosted by Microsoft Enables co-existence and migration of mailboxes and global address lists Enables both on-premise and hosted mailboxes with Exchange Server 2010 Is part of the Business Productivity Online solution

Powershell 2.0 and Exchange Management Shell Version 2.0 provides Remote Management Exchange Management Shell is a superset of Powershell

What Are the Exchange Management Shell and Windows PowerShell? The Exchange Management Shell is a command-line interface used for administering Exchange Server 2010 The Exchange Management Shell is built on Windows PowerShell 2.0 remoting Windows PowerShell is an extensible scripting and command-line technology that developers and administrators can use to: Perform a specific task Combine cmdlets to perform complex administrative tasks

The Benefits of Remote Windows PowerShell Remote Windows PowerShell 2.0 enables: Role Based Access Control Client/server management model Standard protocols allow easier management through firewalls

Exchange 2010 provides ongoing protection through: Discovery Group ALL s go through the Hub Transport Domain Security filtering

The Edge Transport server role: What Is the Edge Transport Server Role? The Edge Transport server role provides: Internet message delivery Antivirus and anti-spam protection Edge transport rules Address rewriting Cannot be deployed with any other server role Should not be a member of the internal Active Directory domain Should be deployed in a perimeter network

Forefront Protection 2010 for Exchange Benefits of Forefront Protection 2010 for Exchange Server include: Full support for VSAPI Antivirus scan with multiple scan engines Microsoft IP Reputation Service Automated content filtering updates Spam signature updates Premium spam protection

Forefront Protection 2010 Deployment Options You can install Forefront Protection 2010: Only on an Edge Transport server or a Hub Transport server On an Edge Transport server or a Hub Transport server and a Mailbox server When installing Forefront Protection 2010, consider: The number of scan engines required The types of scan engines that should be used

POLLS

Overview of Spam-Filtering Features Feature Filters messages based on: Connection Filtering The IP address of the sending SMTP server Content FilteringThe message contents Sender IDThe IP address of the sending server from which the message was received Sender FilteringThe Sender in the MAIL FROM: SMTP header Recipient FilteringThe Recipients in the RCPT TO: SMTP header Sender ReputationSeveral characteristics of the sender, accumulated over a period of time Attachment Filtering Attachment file name, file name extension, or file MIME content type

Exchange Server 2010 Edge Transport server Exchange Server 2010 Edge Transport server How Exchange Server 2010 Applies Spam Filters Internet Sender Filtering Below SCL Threshold Outlook Safe Senders List Exceed SCL Threshold Recipient Filtering Connection Filtering RBL IP Allow List IP Block List Content Filtering Sender ID Filtering

What Is Domain Security? To set up mutual TLS: Generate a certificate request for TLS certificates Import and enable the certificate on the Edge Transport server Configure outbound Domain Security Configure inbound Domain Security Uses mutual TLS with business partners to enable secured message paths over the Internet & shows an icon in Outlook

When to Use SharePoint Instead of Public Folders ScenarioUsing Public Folders?New to Public Folders? Document Sharing SharePoint may be a better option SharePoint is a better option Calendar Sharing Depends on Outlook version Integrates with Sharepoint Contact Sharing More difficultSharepoint aggregates Discussion Forum Less dynamicSharepoint is better Distribution Group Archive No need to moveUse either Custom Applications SharePoint may be a better option Organizational Forms No need to moveUse InfoPath

Client Access Changes Outlook now goes through CAS HW load balanced CAS arrays Exchange Control Panel Access File Shares Access Sharepoint Libraries Allows Web Ready documents

How Client Access Works RPC/MAPI HTTPS IMAP4 POP3 HTTPS IMAP4 POP3 Mailbox Server Mailbox Server Domain Controller Domain Controller Client Access Server Client Access Server RPC/MAPI

Services Provided by a Client Access Server for Outlook Clients ServiceDescription RPC Client Access Service Enables MAPI connectivity to user mailboxes Autodiscover Enables automatic configuration for Outlook and mobile clients Availability Provides free or busy information MailTips Provides notifications regarding issues with sending a message Offline Address Book download Provides offline address book download for Outlook clients Exchange Control Panel (web Based) Provides User & Administrative interface for accessing mailbox and recipient information Exchange Web Services Provides a developer interface for accessing all Exchange server content and settings Service Outlook Anywhere Enables RPC over HTTPS access to user mailboxes

Introducing the Exchange Control Panel ECP provides Web-based user access to self-manage: Deleted item recovery Public groups ActiveSync (report wipes, logs) Text message configuration Account information (location, phone numbers, etc.) Outlook Web App features (signature, message options, etc.) Inbox rules Automatic replies Report delivery Call Answering Rules

What Is File and Data Access for Outlook Web App? With file and data access, you can configure: File and data access for Outlook Web App enables users to access attachments and files stored on other servers WebReady document viewing Direct file access Different settings when users connect from public or private computers Access to files stored on Windows SharePoint Services servers and Windows file shares Restrict access to files based on file types or internal servers