How the Microsoft Information Technology organization designed the corporate Exchange Server 2007 environment Published: November 2007 Exchange Server.


1 How the Microsoft Information Technology organization designed the corporate Exchange Server 2007 environment Published: November 2007 Exchange Server 2007 Design and Architecture at Microsoft

2 Agenda ● Solution overview ● Reasons for Microsoft IT to use Exchange Server 2007 ● Environment prior to Exchange Server 2007 ● Planning and design process ● Architecture and design decisions ● Deployment planning ● Best practices

3 Solution Overview
Business Challenge: The costs and general limitations associated with the platforms and technologies used in the Exchange Server 2003 environment prevented Microsoft IT from efficiently meeting emerging messaging and business needs.
Solution: With Exchange Server 2007, Microsoft IT created new opportunities to drive down costs and system complexities, increase security, and deploy new features not available in previous versions of Exchange Server.
Results/Benefits: ● Increased reliability ● Larger mailbox sizes ● Reduced total cost of ownership (TCO) ● Increased protection against spam ● Reduced topology complexities ● Improved regulatory compliance ● Enhanced remote access and mobility options

4 Reasons for Microsoft IT to use Exchange Server 2007 ● Increase employee productivity ● Increase operational efficiency ● Decrease security risks ● Decrease costs “Our mission is to deliver value by enabling people with innovative and reliable information technology solutions that seamlessly integrate with, and improve, how people work.” Jim DuBois, General Manager, MSIT, Microsoft Corporation

5 Environment Prior to Exchange Server 2007

6 Environment Prior to Exchange Server 2007 (Directory Infrastructure) ● Multiple forests for various legal and business requirements ● 70% of resources in Corporate forest – over 1 million objects ● 9 domains in corporate forest based on geography ● 202 sites in hub and spoke topology ● Dedicated Exchange site in Redmond

7 Environment Prior to Exchange Server 2007 (Directory Topology)

8 Environment Prior to Exchange Server 2007 (Messaging Topology) ● Centralized administration from Redmond ● Four administrative groups (North America, Dublin, Singapore, and Sao Paulo) ● Routing topology corresponds to WAN links ● Routing group connectors between routing groups with default options ● Four central bridgehead servers in North America as remote bridgehead servers in the RGC configuration ● Inbound Internet mail messages through two redundant locations

9 Environment Prior to Exchange Server 2007 (Messaging Topology)
Columns: Routing group | Mailbox servers (clustered) | Public-folder servers | Bridgehead servers | Front-end servers | Gateway servers | Special purpose
RG_REDMOND-EXCHANGE | 2158603
RG_DUBLIN | 62220
RG_SINGAPORE | 52220
RG_SAO PAULO | 1200
RG_REDMOND PERIMETER | 000030
RG_SILICON VALLEY PERIMETER | 000030

10 Planning and Design Process

11 Architecture and Design Decisions ● Administration and permissions model ● Message routing topology ● Server architectures and designs ● Mailbox storage design ● Backup and recovery ● Client access server topology ● Unified messaging ● Internet mail connectivity “Microsoft IT is our first and best customer. Almost two years prior to RTM, Microsoft IT began with pre-release production deployments to help us build an excellent product. The close relationship with Microsoft IT is so vital to our culture of quality and customer satisfaction that we do not ship products or service packs until Microsoft IT signs off on the enterprise readiness. We shipped Exchange Server 2007 on December 7, 2006, with the confidence and proof in hand that the product delivers on its potential to help customers build reliable enterprise-class messaging environments while reducing total cost of ownership.” Terry Myerson General Manager Exchange Server Product Group Microsoft Corporation

12 Administration and Permissions Model ● Security Principles and Guidelines ● Exclusive Microsoft IT Management ● Centralized System Administration ● Default Permissions Mode ● Formal Approval Process ● Permissions Review

13 Administration and Permissions Model (Approval Processes)

14 Message Routing Topology ● Network Infrastructure and Site Consolidation ● Dedicated Exchange Sites in the Active Directory Topology ● Optimized Message Transfer Between Hub Transport servers ● Connectivity to Remote SMTP domains ● Increased Message Routing security ● Coexistence with Exchange Server 2003

15 Message Routing Topology (Network Infrastructure and Site Consolidation)
● Physical network -> IP routing topology -> Active Directory site topology
● Previous consolidation with Exchange 2003 made planning easier
● Many benefits of consolidated datacenters
  ● Uncomplicated messaging topology
  ● Best possible Hub Transport server utilization
  ● Reduced chance of server communication issues

16 Message Routing Topology (Dedicated Exchange Sites in the Active Directory Topology)

17 Message Routing Topology (Optimized Message Transfer Between Hub Transport servers)

18 Message Routing Topology (Increased Message Routing Security) ● Messaging traffic encryption and lab environment exception ● Technologies used ● IPSec ● Transport layer (TLS) ● Restricted access to SMTP submission points ● Forefront Security on Hub Transport and Edge Transport

19 Message Routing Topology (Coexistence with Exchange Server 2003) ● Special routing group where Active Directory site topology defines the message routing topology

20 Message Routing Topology (Coexistence with Exchange Server 2003)
Routing group connector | Local bridgeheads | Remote bridgeheads
From RG_REDMOND to EXCHANGE ROUTING GROUP (DWBGZMFD01QNBJR) | Any local server can send mail over this connector. This enables all Exchange 2003 servers to transfer messages directly to the Hub Transport servers without involving Exchange 2003 bridgeheads. | All Hub Transport servers located in ADSITE_REDMOND-EXCHANGE
From EXCHANGE ROUTING GROUP (DWBGZMFD01QNBJR) to RG_REDMOND | All Hub Transport servers located in ADSITE_REDMOND-EXCHANGE. | All Hub Transport servers located in RG_REDMOND
From RG_DUBLIN to EXCHANGE ROUTING GROUP (DWBGZMFD01QNBJR) | Any local server can send mail over this connector. | All Hub Transport servers located in ADSITE_DUBLIN
From EXCHANGE ROUTING GROUP (DWBGZMFD01QNBJR) to RG_DUBLIN | All Hub Transport servers located in ADSITE_DUBLIN. | The public-folder servers in RG_DUBLIN, which also function as bridgehead servers
From RG_SINGAPORE to EXCHANGE ROUTING GROUP (DWBGZMFD01QNBJR) | Any local server can send mail over this connector. | All Hub Transport servers located in ADSITE_SINGAPORE
From EXCHANGE ROUTING GROUP (DWBGZMFD01QNBJR) to the Singapore routing group | All Hub Transport servers located in ADSITE_SINGAPORE. | The public-folder servers in RG_SINGAPORE, which also function as bridgehead servers

21 Server Architectures and Designs ● Flexible and Scalable Messaging Infrastructure ● Multiple-Role and Single-Role Server Designs ● Scaling Up Server Designs

22 Server Architectures and Designs (Flexible and Scalable Messaging Infrastructure)

23 Server Architectures and Designs (Multiple-Role and Single-Role Server Designs)
Server role | Redmond | Silicon Valley | Dublin | Singapore | Sao Paulo | Technology
Mailbox | 31 | 0 | 15 | 15 | 1 | Microsoft Windows Clustering and CCR. Network interface card (NIC) teaming by using NICs connected to different switches
Edge Transport | 3 | 3 | 2 | 2 | 0 | Domain Name System (DNS) round robin and Mail Exchanger (MX) records with same cost values. Multiple Hub Transport servers as bridgeheads in Send Connector configuration
Hub Transport | 8 | 0 | 3 | 3 | 1 | Automatic load balancing through Mail Submission Service. Edge Subscriptions for Hub/Edge connectivity.
Client Access | 16 | 0 | 6 | 4 | - | Web Publishing Load Balancing (WPLB) on Microsoft Internet Security and Acceleration (ISA) Server 2006. Microsoft Network Load Balancing (NLB) internally.
Unified Messaging | 7 | 0 | 2 | 2 | - | Automatic round robin load balancing between Unified Messaging servers. Multiple voice over IP (VoIP) gateways per dial plan.

24 Server Architectures and Designs (Scaling Up Server Designs) ● New scaled-up Mailbox designs after initial rollout ● Up to 6000 users with 500 MB mailboxes ● Quad-core Intel Xeon with 16 GB RAM to eliminate bottleneck

25 Mailbox Storage Design ● Eliminating Storage as the Single Point of failure ● Reducing Storage Costs and Configuration Complexities ● Optimizing the Storage Design for Reliability and Recoverability ● Standardizing the Storage Design

26 Mailbox Storage Design (Eliminating Storage as the Single Point of Failure) ● CCR configuration with cluster nodes and the file-share witness in the same Active Directory site

27 Mailbox Storage Design (Optimizing the Storage Design for Reliability and Recoverability)
● CCR still requires reliability and recoverability provisions at storage and server levels
● Microsoft IT uses these strategies
  ● RAID
  ● Separate transaction logs from database files
  ● No circular logging on Mailbox servers
  ● Configure multiple storage groups per Mailbox server

28 Mailbox Storage Design ● Standardizing the Storage Design

29 Mailbox Storage Design ● 6000-user mailbox server with two USBBs per cluster node

30 Backup and Recovery ● Performing VSS-Based Backups on Passive Node ● Eliminating Backups to Tape ● Optimizing Backup Cycles According to SLAs

31 Backup and Recovery (Performing VSS-Based Backups on Passive Node) ● Software VSS backups on passive node with DPM

32 Backup and Recovery (Eliminating Backups to Tape) ● 14 days of online database backups

33 Backup and Recovery (Optimizing Backup Cycles According to SLAs) ● New 500 MB and 2 GB quotas would overtax existing backup processes ● Weekly full, daily incremental ● Seven storage groups on each LUN
Storage group | Mon | Tue | Wed | Thu | Fri | Sat | Sun
SG 1 | Full | Inc | Inc | Inc | Inc | Inc | Inc
SG 2 | Inc | Full | Inc | Inc | Inc | Inc | Inc
SG 3 | Inc | Inc | Full | Inc | Inc | Inc | Inc
SG 4 | Inc | Inc | Inc | Full | Inc | Inc | Inc
SG 5 | Inc | Inc | Inc | Inc | Full | Inc | Inc
SG 6 | Inc | Inc | Inc | Inc | Inc | Full | Inc
SG 7 | Inc | Inc | Inc | Inc | Inc | Inc | Full
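The staggered rotation on this slide is a small scheduling rule: with seven storage groups per LUN, each group takes its weekly full backup on a different day, so the LUN never carries more than one full backup per day. The following is an added example, not code from the presentation or from Microsoft IT: it generates that rotation for any number of storage groups and checks the two properties the design depends on (every storage group gets exactly one full per week, and the per-LUN daily full count stays within the limit). Storage group names and the one-full-per-day limit are this example's assumptions.

```python
"""Staggered weekly-full / daily-incremental backup rotation (added example)."""
from collections import Counter

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def rotation(storage_groups):
    """Return {day: {storage_group: "Full" | "Inc"}} for one week.

    Storage group i takes its full backup on day i mod 7, so seven groups on
    one LUN put the full backups on the diagonal of the slide's table. More
    than seven groups on a LUN forces two fulls onto some days.
    """
    week = {day: {} for day in DAYS}
    for i, sg in enumerate(storage_groups):
        full_day = DAYS[i % len(DAYS)]
        for day in DAYS:
            week[day][sg] = "Full" if day == full_day else "Inc"
    return week


def fulls_per_day(week):
    """Number of full backups scheduled on each day (the per-LUN load check)."""
    return {day: sum(1 for kind in jobs.values() if kind == "Full")
            for day, jobs in week.items()}


def check_rotation(week, storage_groups, max_fulls_per_day=1):
    """True when every group gets exactly one full per week and no day is overloaded."""
    per_sg = Counter(sg for jobs in week.values()
                     for sg, kind in jobs.items() if kind == "Full")
    every_sg_once = all(per_sg[sg] == 1 for sg in storage_groups)
    load_ok = all(n <= max_fulls_per_day for n in fulls_per_day(week).values())
    return every_sg_once and load_ok


def render(week, storage_groups):
    """Plain-text table in the same layout as the slide."""
    lines = ["SG      " + " ".join(f"{d:>4}" for d in DAYS)]
    for sg in storage_groups:
        lines.append(f"{sg:<8}" + " ".join(f"{week[d][sg]:>4}" for d in DAYS))
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed names matching the slide: seven storage groups on one LUN.
    sgs = [f"SG {n}" for n in range(1, 8)]
    wk = rotation(sgs)
    print(render(wk, sgs))
    print("rotation ok:", check_rotation(wk, sgs))
```

Running `check_rotation` against a LUN with nine storage groups returns False, which is the point of the check: the one-full-per-day property only holds up to seven groups per LUN, so adding storage groups to a LUN means revisiting the backup window.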

34 Client Access Server Topology ● Preserving Existing Namespaces for Mobile Access to Messaging Data ● Increasing Security Based on ISA Server 2006 ● Providing Load Balancing and Fault Tolerance for External Client Connections ● Providing Load Balancing and Fault Tolerance for Internal Client Connections ● Optimizing Offline Address Book Distribution ● Enabling Cross-Forest Availability Lookups

35 Client Access Server Topology (Preserving Existing Namespaces for Mobile Access to Messaging Data) ● 60,000 Outlook Web Access unique users per month and 30,000 ActiveSync sessions ● Existing multiple URL namespaces used to distribute load need to be preserved with Exchange 2007 ● Deploy Client Access servers, verify, then migrate users ● Each Active Directory site with Mailbox servers must also include Client Access servers ● Redirect Office Outlook Web Access users to Client Access servers that are local to the user’s Mailbox server via the ExternalURL property ● Client Access servers act as proxy servers for local Client Access servers (Exchange ActiveSync, Exchange Web Services)
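The slide states three rules for a request that reaches a Client Access server in a different Active Directory site from the user's Mailbox server: Outlook Web Access users are redirected to the ExternalURL of a Client Access server in the mailbox site, Exchange ActiveSync and Exchange Web Services are proxied, and every site with Mailbox servers must also have Client Access servers. The following added example (not code from the presentation or from Microsoft IT) models that decision and includes a deployment check for the last rule. One detail is Exchange Server 2007 behaviour rather than something the slide states: when the target site's Client Access server has no ExternalURL, OWA is proxied over the InternalURL instead of redirected. Site names are taken from the presentation's coexistence table; server names, URLs and the ADSITE_SAO_PAULO site used in the check are constructed.

```python
"""Cross-site Client Access server routing (added example)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class ClientAccessServer:
    name: str
    site: str
    owa_external_url: Optional[str]   # ExternalUrl on the /owa virtual directory
    owa_internal_url: str             # InternalUrl, used for CAS-to-CAS proxying


@dataclass(frozen=True)
class Mailbox:
    user: str
    site: str                         # Active Directory site of the Mailbox server


# Constructed topology; ADSITE_SINGAPORE deliberately has no ExternalUrl.
CAS_BY_SITE: Dict[str, ClientAccessServer] = {
    "ADSITE_REDMOND-EXCHANGE": ClientAccessServer(
        "CAS-RED-01", "ADSITE_REDMOND-EXCHANGE",
        "https://mail-red.example.test/owa", "https://cas-red-01.example.test/owa"),
    "ADSITE_DUBLIN": ClientAccessServer(
        "CAS-DUB-01", "ADSITE_DUBLIN",
        "https://mail-dub.example.test/owa", "https://cas-dub-01.example.test/owa"),
    "ADSITE_SINGAPORE": ClientAccessServer(
        "CAS-SIN-01", "ADSITE_SINGAPORE",
        None, "https://cas-sin-01.example.test/owa"),
}


def route_request(protocol: str, entry_cas: ClientAccessServer, mailbox: Mailbox,
                  cas_by_site: Dict[str, ClientAccessServer]) -> Tuple[str, str]:
    """Return (action, target); action is "serve", "redirect", "proxy" or "fail"."""
    if protocol not in ("owa", "activesync", "ews"):
        raise ValueError(f"unsupported protocol {protocol!r}")
    if mailbox.site == entry_cas.site:
        return "serve", entry_cas.name          # mailbox is local to this CAS
    target = cas_by_site.get(mailbox.site)
    if target is None:
        # A Mailbox-server site without a Client Access server cannot be reached.
        return "fail", f"no Client Access server in {mailbox.site}"
    if protocol == "owa" and target.owa_external_url:
        return "redirect", target.owa_external_url   # user is sent to the local-site URL
    if protocol == "owa":
        return "proxy", target.owa_internal_url      # no ExternalUrl: proxy instead
    return "proxy", target.name                      # ActiveSync and EWS always proxy


def sites_missing_cas(mailbox_sites, cas_by_site):
    """Deployment check: sites with Mailbox servers but no Client Access server."""
    return sorted(set(mailbox_sites) - set(cas_by_site))


if __name__ == "__main__":
    entry = CAS_BY_SITE["ADSITE_REDMOND-EXCHANGE"]
    for proto in ("owa", "activesync", "ews"):
        print(proto, route_request(proto, entry, Mailbox("alice", "ADSITE_DUBLIN"), CAS_BY_SITE))
    print("owa", route_request("owa", entry, Mailbox("bob", "ADSITE_SINGAPORE"), CAS_BY_SITE))
    print("missing CAS:", sites_missing_cas(["ADSITE_DUBLIN", "ADSITE_SAO_PAULO"], CAS_BY_SITE))
```

The redirect path is why the slide insists on preserving the existing URL namespaces: the ExternalURL each site's Client Access server advertises is exactly the name the user's browser is sent to, so it must already be published and resolvable from the Internet before users are migrated.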

36 Client Access Server Topology (Increasing Security Based on ISA Server 2006) ● Stateful inspection and application-layer filtering ● Blocks any traffic that appears out of context, such as requests to initiate a connection on an established session ● SSL bridging process enables ISA Server 2006 to filter invalid data packets before the traffic reaches the Client Access servers ● Externally trusted SSL certificates for both external and internal traffic

37 Client Access Server Topology (Providing Load Balancing and Fault Tolerance for External Client Connections)

38 Client Access Server Topology (Providing Load Balancing and Fault Tolerance for Internal Client Connections)

39 Client Access Server Topology (Optimizing Offline Address Book Distribution)

40 Client Access Server Topology (Enabling Cross-Forest Availability Lookups)

41 Unified Messaging (Topology)

42 Unified Messaging (Redundancy and Load Balancing)

43 Unified Messaging (Security) ● Many possible security issues: SIP proxy impersonation, session hijacking, sniffing, etc. ● Secure protocols such as MTLS can mitigate risk ● Trusted LANs, VLANs, and other methods of segmentation ● IPSec ● General practices such as strong passwords

44 Unified Messaging (Feature and User Considerations) ● Some settings and features with default values, some customized ● Need to customize dial plans, VoIP gateway partners, hunt groups, mailbox policies, etc. ● Need to inform users of changes and provide documentation for self-service ● Microsoft created custom e-mail templates ● Custom intranet site with documentation for usage and user self-service

45 Internet Mail Connectivity ● Inbound and Outbound Message Transfer ● Redundancy and Load Balancing ● Increasing Perimeter Network Security ● Server Hardening ● Optimizing Spam and Virus Scanning ● Optimizing Outbound Message Transfer

46 Internet Mail Connectivity (Inbound and Outbound Message Transfer)

47 Internet Mail Connectivity (Redundancy and Load Balancing) ● Multiple Hub Transport servers with Edge Transport servers ● All Hub Transport servers transfer outbound messages to local Edge Transport servers ● Edge Transport servers can transfer inbound messages to Hub Transport servers ● For inbound messages, DNS round-robin and MX records with preference value of 10 ● Edge Transport servers in Europe and North America

48 Internet Mail Connectivity (Increasing Perimeter Network Security)

49 Internet Mail Connectivity (Server Hardening) ● Ports ● Services ● File Shares ● Accounts ● Security updates

50 Internet Mail Connectivity (Optimizing Spam and Virus Scanning)
● Connection-filtering configuration
  ● IP block-list, IP allow-list providers, and Sender Reputation Level
● Recipient-filtering configuration
● Content-filtering configuration
  ● Store SCL: 5
  ● Reject SCL: 7
  ● No delete or quarantine SCL
● Attachment-filtering configuration with Forefront Security
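The content-filtering settings on this slide form a ladder of actions keyed on the spam confidence level (SCL) the content filter stamps on each message. The following added example (not code from the presentation or from Microsoft IT) models how Exchange Server 2007 evaluates that ladder for the slide's policy, reject at 7, Junk E-mail folder at 5, delete and quarantine disabled, and adds a validation that catches two common misconfigurations: transport thresholds out of order, and a store threshold that can never apply because a transport action fires first. One comparison detail is Exchange's documented behaviour rather than something the slide states: the transport actions fire at SCL greater than or equal to their threshold, while the store junk threshold is a strict greater-than, so "Store SCL: 5" junks SCL 6 and delivers SCL 5. The configuration class and the sample messages are constructed for the example.

```python
"""Content-filter SCL action ladder (added example)."""
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ContentFilterConfig:
    # Transport (Edge/Hub) actions; None means the action is disabled.
    delete_threshold: Optional[int] = None
    reject_threshold: Optional[int] = None
    quarantine_threshold: Optional[int] = None
    # Mailbox store action: move to the Junk E-mail folder.
    junk_threshold: Optional[int] = None


# The policy on the slide.
MSIT_POLICY = ContentFilterConfig(
    delete_threshold=None,       # "No delete ... SCL"
    reject_threshold=7,          # "Reject SCL: 7"
    quarantine_threshold=None,   # "No ... quarantine SCL"
    junk_threshold=5,            # "Store SCL: 5"
)


def validate(cfg):
    """Return a list of configuration problems (empty when the policy is sane)."""
    problems = []
    transport = [(n, t) for n, t in (("delete", cfg.delete_threshold),
                                     ("reject", cfg.reject_threshold),
                                     ("quarantine", cfg.quarantine_threshold))
                 if t is not None]
    for name, t in transport + [("junk", cfg.junk_threshold)]:
        if t is not None and not 0 <= t <= 9:
            problems.append(f"{name} threshold {t} is outside 0..9")
    values = [t for _, t in transport]
    if values != sorted(values, reverse=True):
        problems.append("transport thresholds must satisfy delete >= reject >= quarantine")
    # Junk applies to SCLs strictly above junk_threshold and below the lowest
    # transport threshold; that range is empty unless there is a gap of two.
    if cfg.junk_threshold is not None and values and min(values) <= cfg.junk_threshold + 1:
        problems.append("the store junk threshold never applies: a transport action fires first")
    return problems


def action_for(scl, cfg):
    """Action taken for one message with the given SCL rating."""
    if not 0 <= scl <= 9:
        raise ValueError("SCL is a 0..9 rating")
    # Transport actions fire when SCL >= threshold, most severe first.
    if cfg.delete_threshold is not None and scl >= cfg.delete_threshold:
        return "delete"
    if cfg.reject_threshold is not None and scl >= cfg.reject_threshold:
        return "reject"
    if cfg.quarantine_threshold is not None and scl >= cfg.quarantine_threshold:
        return "quarantine"
    # Store action: strict greater-than, so "Store SCL: 5" junks SCL 6 and up.
    if cfg.junk_threshold is not None and scl > cfg.junk_threshold:
        return "junk"
    return "deliver"


def triage(messages, cfg):
    """Tally actions over (message_id, scl) pairs, e.g. from an agent log export."""
    return Counter(action_for(scl, cfg) for _, scl in messages)


# Constructed sample: message ids with the SCL the content filter assigned.
SAMPLE_MESSAGES = [
    ("msg-01", 0), ("msg-02", 3), ("msg-03", 5), ("msg-04", 6),
    ("msg-05", 7), ("msg-06", 9), ("msg-07", 5), ("msg-08", 8),
]

if __name__ == "__main__":
    print("policy problems:", validate(MSIT_POLICY) or "none")
    print(dict(triage(SAMPLE_MESSAGES, MSIT_POLICY)))
```

Running `triage` over the constructed sample gives four delivered, one junked and three rejected messages; the two SCL 5 messages are delivered, which is the off-by-one worth knowing before reading "Store SCL: 5" as "SCL 5 goes to junk".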

51 Internet Mail Connectivity (Optimizing Outbound Message Transfer) ● Built-in protection on SMTP connectors, including header firewall, tarpitting, back pressure, etc. ● One receive connector that faces the Internet and one send connector for transferring incoming e-mail to Hub Transport servers ● One receive connector faces Hub Transport servers for outbound messages ● Three send connectors for relaying outbound messages to Internet hosts

52 Deployment Planning ● Introducing Exchange Server 2007 into the Corporate Production Environment ● Verifying the Successful Integration of Exchange Server 2007 ● Fully Deploying Client Access Servers in North America ● Fully Deploying Hub Transport Servers in North America ● Deploying Mailbox Servers in North America ● Introducing Edge Transport Servers in North America ● Deploying Forefront Security for Exchange Server 2007 ● Deploying Exchange Server 2007 in Regional Data Centers ● Switching the Messaging Backbone to Exchange Server 2007 ● Completing the Transition to Exchange Server 2007

53 Deployment Planning (Fully Deploying Client Access Servers in North America)

54 Deployment Planning (Fully Deploying Servers in North America) ● Hub Transport role including SMTP connectors ● Mailbox role and user migration – at least 16,000 mailboxes before other deployment tasks ● Edge Transport coexistence and replacement ● Forefront Security

55 Planning and Design Best Practices ● Clearly define goals ● Design with production in mind ● Design for peak load days ● Test in lab environment ● Identify key risks ● Develop rollback and mitigation procedures

56 Server Design Best Practices ● Use multiple-core processors and design storage based on both capacity and I/O performance ● Use VSS-based backup ● Eliminate single points of failure

57 Deployment Best Practices ● Establish flexible and scalable messaging infrastructure ● Carefully plan URL namespaces ● Manage permissions through security groups ● Use fewest permissions necessary ● Use Forefront and multiple layers of protection ● Place Edge Transport servers in a perimeter network ● Use ISA Server 2006 to publish Client Access servers

58 Summary ● Messaging environment hosts 130,000-plus mailboxes with 500 MB and 2 GB quotas in 4 datacenters on 62 Mailbox servers ● 25 Client Access, 15 Hub Transport, 10 Edge, and 11 Unified Messaging servers ● Many cost reductions with the transition to Exchange Server 2007 ● Migration from SAN to DAS storage with Exchange Server 2007 ● USBBs enable scaling up Mailbox servers ● Eliminated single points of failure ● Increased security and better filtering


60 For More Information ● Additional content on Microsoft IT deployments and best practices can be found on http://www.microsoft.com ● Microsoft IT Showcase Webcasts http://www.microsoft.com/howmicrosoftdoesitwebcasts ● Microsoft TechNet http://www.microsoft.com/technet/itshowcase

61 This document is provided for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation. All rights reserved. This technical white paper presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Microsoft Press, Active Directory, ActiveSync, Forefront, Outlook, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

