1 / 47

Microsoft Exchange Server 2010 Management and Operations

Microsoft Exchange Server 2010 Management and Operations. Ilse Van Criekinge TSP Core UC Microsoft BeLux Session Code: UNC316. Content. Introduction Exchange Management Console (EMC) Exchange Control Panel (ECP) Role Based Access Control (RBAC) Remote PowerShell Monitoring.

kamea
Download Presentation

Microsoft Exchange Server 2010 Management and Operations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Microsoft Exchange Server 2010 Management and Operations Ilse Van Criekinge TSP Core UC Microsoft BeLux Session Code: UNC316

  2. Content • Introduction • Exchange Management Console (EMC) • Exchange Control Panel (ECP) • Role Based Access Control (RBAC) • Remote PowerShell • Monitoring

  3. Exchange 2010 InvestmentsSimplify Administration The annual cost of helpdesk support staff for e-mail systems with 7,500 mailboxes is approximately $20/mailbox. This cost goes up the smaller the organization. (“Email Support Staff Requirements and Costs: A Survey of 136 Organizations”, Ferris Research, June 2008). • Empower Specialist Users to Perform Specific Tasks with Role-based Administration • Compliance Officer - Conduct Mailbox Searches for Legal Discovery • HR Officer - Update Employee Info in Company Directory • Lower Support Costs Through New User Self-Service Options • Track Status of sent messages • Create and Manage Distribution Lists

  4. Exchange 2010 ManagementWhat's New? • New Exchange Management Console (EMC) features • Exchange Control Panel (ECP) • New and simplified web based management console • Targeted for end users, hosted tenants, and specialists • Role Based Access Control (RBAC) • New authorization model • Easy to delegate and customize • All Exchange management clients (EMS, EMC, ECP) use RBAC • Remote PowerShell • Manage Exchange remotely using PowerShell v2.0 • Note: No more local PowerShell, it's all remote in Exchange 2010 • Monitoring

  5. Exchange 2010 ManagementSupported OS platforms • All of Exchange 2010 is 64-bit only • Admin-tools also require 64 bit OS • Supported OS platforms for Admin/Management Tools • Vista x64 SP1 (*may be SP2) • W2k8 x64 SP2 • Windows7 x64 Client and W2k8 R2 x64 • Remote PowerShell management • Does not require Exchange binaries at the client • Supported client OS platforms • Vista (x86 or x64) • W2k8 (x86 or x64) • W2k8 R2 (x86 or x64) or Win7 (x86 or x64) • W2k3 (x86 or x64) • XP (x86 or x64)

  6. Content • Introduction • Exchange Management Console (EMC) • Exchange Control Panel (ECP) • Role Based Access Control (RBAC) • Remote PowerShell • Monitoring

  7. Exchange Management Console (EMC)Improvements • Built on Remote PowerShell and RBAC • Multiple Forest Support • Cross-premises Exchange 2010 Management • Including Mailbox Moves • Recipient Bulk Edit • PowerShell Command Logging • New feature support • For example: High Availability

  8. demo Exchange Management Console

  9. Content • Introduction • Exchange Management Console (EMC) • Exchange Control Panel (ECP) • Role Based Access Control (RBAC) • Remote PowerShell • Monitoring

  10. Exchange Control Panel (ECP)What is it? • A browser based Management client for end users, administrators, and specialists • Accessible directly via URL, OWA & Outlook 2010 • Deployed as a part of the Client Access Server role • Simplified user experience for common management tasks • RBAC aware

  11. ECP Architecture Overview • High Level View • AJAX-based • Shares some code with OWA, but two separate applications • Deployed on Client Access Server • ECP  ASP.Net  RBAC  PowerShell • Authentication • Windows Integrated, Basic, Forms Based • Browser support - Same as OWA • IE • Firefox • Safari Web Browser ECP Client Library AJAX Client Access Server HTTP.SYS (IIS) LiveId/FBA Auth ECP Server Library RBAC PowerShell Exchange Cmdlets

  12. Exchange Control PanelWho will use it? • Specialists and administrators • Administrators can delegate to specialists e.g. Help Desk Operators, Department Administrator, and eDiscovery Administrators • End Users • Comprehensive self service tools for End Users • Hosted Customers • Tenant Administrators and Tenant End Users

  13. Exchange Control Panel: User View Secondary Navigation Primary Navigation

  14. Exchange Control Panel: Admin View UI Scope Control Secondary Navigation Primary Navigation

  15. Exchange Control Panel: User Self-Service featuresLower Support Costs Through New User Self-Service Options • Distribution Group Management • Join existing groups • Create and manage groups

  16. Exchange Control Panel: User Self-Service featuresLower Support Costs Through New User Self-Service Options • Message Tracking • Track message delivery • Can be accessed from messages in OWA

  17. Exchange Control Panel: User Self-Service featuresLower Support Costs Through New User Self-Service Options • Edit own details • Modify Address List Contact details

  18. Exchange Control Panel: Administration featuresEmpower Specialist Users • Specialist Administration • Compliance Officers: Multi-mailbox search • HR: Manage Users and Groups

  19. Exchange Control Panel: Administration featuresEmpower Specialist Users • Manage other users • Help Desk can manage user’s OWA options • Can make same changes as targeted user

  20. Exchange Control Panel: Administration featuresEmpower Specialist Users • Manage Permissions • Manage roles • Manage User self-service policies

  21. demo Exchange Control Panel

  22. Content • Introduction • Exchange Management Console (EMC) • Exchange Control Panel (ECP) • Role Based Access Control (RBAC) • Remote PowerShell • Monitoring

  23. RBAC in Exchange 2010 • RBAC has replaced the permission model used in Exchange 2007 • Your “role” is defined by “what you do” • Define precise or broad roles and assignments based on the tasks that need to be performed • Includes self administration • Used by EMC, EMS and ECP

  24. RBAC Management Role AssignmentWho can do What… and Where? Role Assignment Binds a Role and Scope to an Role Holder (Assignee) Role Holder Higher Level Job Function Binding Layer Task-based permissions Individual Permissions Role Entry Command: Parameters Command: Parameters Command: Parameters Role Entry Command: Parameters Command: Parameters Command: Parameters Role Role Entry Command: Parameters Command: Parameters Command: Parameters Role Assignment Role Entry Command: Parameters Command: Parameters Command: Parameters Role Group Role Role Assignment Role Entry Command: Parameters Command: Parameters Command: Parameters Role Assignment Role Administrators / Specialists Role Entry Command: Parameters Command: Parameters Command: Parameters Recipient Scope Configuration Scope What? Who? Where?

  25. Role Assignment Role membership managed through ECP and Exchange Management Shell • Built-In Role Groups • Organization Management • Public Folder Management • Recipient Management • View-Only Organization Management • UM Management • Help Desk • Records Management • Discovery Management • Server Management • Delegated Setup • Hygiene Management

  26. RBAC Role Assignment Policies • New mailboxes are assigned the default assignment policy • A mailbox can have only one role assignment policy Role Holder Higher Level Job Function Binding Layer Task-based permissions Scope = “Self” Role Role Assignment Role Assignment Policy Role Role Assignment Scope = “Self” What? Who? Where?

  27. Customizing Permissions Role assignment policies • Some customization supported through ECP • Changes effect entire user segment • Assignments can be additive or subtractive • Add/Remove-ManagementRoleAssignment • Only applies to end user roles

  28. Customizing Permissions Role groups • Simplest method: Update role groups • Change effects all members • Assignments can be additive or subtractive • Add/Remove-ManagementRoleAssignment

  29. RBAC Role Delegation • Role membership is not a right to delegate • RoleAssignment Delegation • Special kind of role assignment • Delegation does not grant role permissions • RoleGroup Delegation • Controlled through RoleGroup ownership • ManagedBy parameter similar to DGs (Multi-Valued) • Ownership does not grant RoleGrouppermissions

  30. RBAC Permissions Reporting Get-ManagementRoleAssignment • Effective users by role/scope/group • Effective permissions to a writable object

  31. demo Role Based Access Control

  32. Content • Introduction • Exchange Management Console (EMC) • Exchange Control Panel (ECP) • Role Based Access Control (RBAC) • Remote PowerShell • Monitoring

  33. Remote PowerShell • Allows Role-Based Access Control model • Restricted PSSession allows RBAC to hide cmdletsand parameters • Client / Server separation • Local Shell and Remote Shell • Remote PowerShell is always used to connect “remotely” to localhost • Enables firewall and cross-forest scenarios • “No Binaries” scenarios • Exchange-cmdlet management from a client machine which does not have Exchange Management Tools (Exchange binaries) installed

  34. Remote PowerShellHow does it work? > New-PSSession –ConnectionUri http://server.fqdn.com/PowerShell/ > New-Mailbox –Name Robin IIS [Robin Mailbox Object in Pipeline] PSv2 Client Runspace Ilse: Role Assignment New-Mailbox -Name Get-Mailbox Set-Mailbox -Name PSv2 RBACServer Runspace WSMan +RBAC stack: Authorization Ilse Exchange Server IIS: Authentication Cmdlets Available in Runspace: New-PSSession Remote Cmdlets Available in Runspace: New-Mailbox -Name Get-Mailbox Set-Mailbox -Name Cmdlets Available in Runspace: New-Mailbox -Name Get-Mailbox Set-Mailbox -Name

  35. Remote PowerShell and Files • Importing and exporting files changed • Limitations on importing files • 500MB for each cmdlet that’s run • 75MB for each object that’s passed to a cmdlet • Can be altered

  36. demo Remote PowerShell

  37. Content • Introduction • Exchange Management Console (EMC) • Exchange Control Panel (ECP) • Role Based Access Control (RBAC) • Remote PowerShell • Monitoring

  38. Monitoring and Reporting • Greatly reduced alert “noise” • Uses Operations Manager health model to hide “symptom alerts” and leave “root cause alerts” • Only raises alerts for lowest level failure within 90-second window • Faster problem resolution • Reporting • Service Level Agreement (SLA) target support • Mail flow statistics based on message tracking logs • Distribution group usage

  39. Sample Reports

  40. Summary • Exchange Management Console • New Features, Bulk Management, and PowerShell convergence • Role Based Access Control • RBAC has replaced the permission model used in Exchange 2007 • Enables the definition of broad or precise roles and assignments, based on the actual roles administrators perform • Exchange Control Panel • Provides a new way to administer a subsets of Exchange features • Provides a great self provisioning portal • Remote Powershell • Uses familiar Exchange cmdlets • Allows administration without the Exchange management tools • Provides a firewall friendly management access

  41. Required Slide Speakers, please list the Breakout Sessions, TLC Interactive Theaters and Labs that are related to your session. Related Content UNC306 Information Protection and Control in Microsoft Exchange Server 2010 Ilse Van Criekinge 11/11/2009 10:45 - 12:00 UNC201 Introducing Microsoft Exchange Server 2010 Adam Glick, Astrid McClean 11/10/2009 09:00 - 10:15 UNC202 Discover the New OWA: Outlook Web App Adam Glick 11/10/2009 13:30 - 14:45 UNC14-HOL Microsoft Exchange Server 2010 Setup and Deployment

  42. UNC Track Call to Action! Learn More! • Related Content at TechEd on “Related Content” Slide • Attend in-person or consume post-event at TechEd Online • Check out learning/training resources at Microsoft TechNet • Exchange Server and Office Communications Server • Check out Exchange Server 2010 atVirtual Launch Experience (VLE) at thenewefficiency.com Try It Out! • Download the Exchange Server 2010 Trial • Take a simple Web-based test drive of UC solutions through the 60-Day Virtual Experience

  43. Required Slide Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online. Unified Communications Resources • www.microsoft.com/teched Sessions On-Demand & Community • www.microsoft.com/learning • Microsoft Certification & Training Resources • http://microsoft.com/technet • Resources for IT Professionals • http://microsoft.com/msdn Resources for Developers www.microsoft.com/learning Microsoft Certification and Training Resources

  44. Required Slide Complete an evaluation on CommNet and enter to win an Xbox 360 Elite!

  45. question & answer

  46. Required Slide © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related