330 likes | 520 Views
Exchange 2007 The First 100 Days. Jim McBee Ithicos Solutions jim@cta.net. Who is Jim McBee!!??. Consultant, Writer, MCSE, MVP and MCT – Honolulu, Hawaii (Aloha!) Principal clients (Dell, Microsoft, SAIC, Servco Pacific) Author – Exchange 2003 24Seven (Sybex)
E N D
Exchange 2007 The First 100 Days Jim McBee Ithicos Solutions jim@cta.net
Who is Jim McBee!!?? Consultant, Writer, MCSE, MVP and MCT – Honolulu, Hawaii (Aloha!) Principal clients (Dell, Microsoft, SAIC, Servco Pacific) Author – Exchange 2003 24Seven (Sybex) Contributor – Exchange and Outlook Administrator Blog http://mostlyexchange.blogspot.com http://www.directory-update.com
Audience Assumptions You have at least a few months experience running Exchange 5.5, 2000, or 2003. You have worked with Active Directory You can install and configure a Windows 2000 / 2003 server
This session’s coverage Presentation and demos – About 65 minutes Should you upgrade now? Finding compelling reasons to do so and the challenges Planning, preparation, and prerequisites Deployment and checklists Lessons learned Cleanup Please check my blog for the latest updates to these slides: http://mostlyexchange.blogspot.com Book give away – Drop off your business card or write your name on a slip of paper Questions and answers I’ll try to take questions as they come up as long as this does not slow us down too much.
Should you upgrade? • Why do you want to upgrade? • What is the compelling argument to upgrade? • Challenges for early adopters
Why Upgrade? Easier to deploy Consistent script, command line, and GUI management Simplified Exchange Management Console Easier to administer Automatic Outlook 2007 setup No more RGs/AGs; route and delegate via native AD Customize quota and NDRs Exchange Management Shell Better scalability and performance 64-bit architecture Major IOPS reductions Unified communications Integrated voice mail & fax support Outlook Voice Access Better security & compliance Edge Transport role in perimeter with improved message hygiene Improved message transport security Opportunistic TLS Transport rules (disclaimers, message security, attachment filtering) Messaging records management Per-recipient journaling Better availability & resilience Local Continuous Replication Restore databases to any server Cluster Continuous Replication Standby Continuous Replication Better user experience Improved OWA with SharePoint and file server document access Pre-schedule OOF messages Windows Mobile 6 and 6.1 support Calendar Concierge
Challenges for early adopters • Not a lot of E2K7 “knowledge” out there • Few KB articles, walkthroughs, whitepapers • Not much help in the newsgroups • Can’t find experienced consultants • Lack of training • PowerShell and the Exchange Management Shell • No built-in tools for migrating from other mail systems • Complexity in generating certificates / vendors supporting SAN certificates • Still some Exchange 5.5 out there
Barriers and show stoppers • No in-place upgrade, must install new hardware • Windows 2003 x64 / 64-bit servers • Third party software must catch up • Some E2K/E2K3 features not supported • OWA access to public folders until SP1 • OWA S/MIME control • No public folder admin via GUI until SP1 • Some applications may need to be re-written • CDOExM / Exchange WMI / EDK Gateway / CDO for WorkFlow
Exchange 2000/2003 Features Not Supported • Novell GroupWise connector • cc:Mail Connector • Microsoft Mail Connector • Key Management Service • Mobile Information Server • Instant Messaging service • Exchange Chat Service • Exchange Conferencing Server
Preparation, Planning, and Prerequisites • Evaluate your existing environment • Hardware and software requirements • Exchange 2000/2003 prerequisites • Active Directory Prerequisites
Existing messaging environment • List all third party software that ties in with Exchange including: • Backup / snapshot / DR software • Faxing / mail gateways / Unified Messaging • Disclaimer software • Antivirus / anti-spam • CRM / ERM / LOB application integration • What custom software is in use • Anything you have written in house • SSL certificates • Shared resource management • Research what it takes to replace or upgrade each of these • Run the Exchange Best Practices analyzer • Document your current configuration including routing groups and routing group bridgehead servers • Frequently overlooked!
Hardware requirements • Hardware is the least of your worries • Recommend at least dual core x64 based system • 4GB RAM minimum – 6GB to 8GB better • You can put in a hard limit on RAM used for caching • Lots of disk space!
Exchange 2000/2003 Prerequisites • Confirm all Exchange 5.5 components are gone • Switch to E2K/E2K3 native mode • Disable link state • Recommend getting rid of un-used public folders if possible (not required) • Check public folder Exchange aliases • No spaces!
Verify compatibility • Main suspects • A/V and message hygiene software • Faxing/Voicemail/UM software • Blackberry server • Backup software and/or procedures • Storage system and VSS software • You may have to keep an E2K/E2K3 server running
Active Directory Prerequisites • Schema master DC must be W2K3 SP1 • E2K7 can only use global catalogs running W2K3 SP1 • Domains that host users that need mailboxes or E2K7 servers must be in Windows 2000 native mode or higher
Active Directory forest preparation • Prepare legacy permissions • setup /PrepareLegacyExchangePermissions • Prepare schema • Setup /PrepareSchema • Prepare the root domain • Setup /PrepareAD • Prepare child domains • Setup /PrepareAllDomains
Active Directory Sites • Get your site architecture cleaned up • Ensure that Site Links are correct • Ensure that every subnet that contains domain controllers and Exchange servers is assigned to the correct site • Each Active Directory site that will contain an Exchange 2007 server must have domain controllers and global catalog servers
Deployment Path • Upgrade options • Deployment order • Checklist after installation
Upgrade path • No direct upgrade • E2K7 can NOT be installed on an E2K/E2K3 server • x64 Windows • New database format • Add new E2K7 servers to existing organization • New Admin Group / Routing Group is created • Move resources (OWA, connectors, mailboxes)
Deployment order (recommended) • Install Client Access servers • E2K/E2K3 clients can use OWA against CAS • Install Hub Transport servers • All HT servers to start routing inbound / outbound mail • Create RGCs to other E2K/E2K3 RGs • Install Mailbox servers • Move mailboxes
Things to know • All E2K7 mailbox creation and management must be done using E2K7 tools • Once E2K7 is installed, all organization wide properties must be managed via E2K7 management tools
Post Exchange 2007 installation checklist • Enter product keys • Change Offline Address Book generation servers and configure OAB for Web Distribution • Ensure that each E2K/E2K3 RG has connectors to E2K7 RG • Issue SSL certificates for Client Access server • Create ActiveSync and Messaging Records Management policies before moving mailboxes • Assign ActiveSync and Messaging Records Management policies to mailboxes after they are moved • Run the ExBPA • Enable Outlook Anywhere (RPC over HTTP)
Post Exchange 2007 installation checklist • Create a Send connector to deliver outbound SMTP mail • On one more more Hub Transport servers, allow anonymous access to Default Receive connector to allow inbound SMTP mail • Check Accepted Domains to verify that they translated properly • Check E-mail address policies to make sure they translated properly • May need to upgrade using Set-EmailAddressPolicy cmdlet • See http://preview.tinyurl.com/yvu5kt • Replicate public folders • See scripts in …\exchange server\scripts
Migration 1 • Single E2K3 server • Migrating to single E2K7 server
Migration 2 • Single E2K server • Migrating to E2K7 clustered continuous replication • Using 4 servers • Active clustered mailbox server • Passive clustered mailbox server • 2 NLB Hub Transport / Client Access servers
Migration 3 • Exchange 5.5 to Exchange 2007 • Migrate to E2K3 for a few days • Migrate on to E2K7
Problems and challenges during deployment • Problems with recipient policies • Invalid servers / invalid filters • Public folder management • Use E2K7 SP1 / Use EMS / Use E2K3 ESM / PFDAVAdmin • E2K3 SMTP VS using external DNS • E2K3 SMTP VS using a smart host • Getting certificates created properly with subject alternate names • Making sure that administrators start using EMC or EMS for organization management
Problems and challenges during deployment • Not making routing group connections for new routing groups • Shift in cluster management procedures • Move mailboxes using EMS or EMC • Remember to assign ActiveSync policies AFTER moving mailbox • Update ISA Server 2006 with KB 925403 • Public folder replicas when using CCR • Changing outbound mail flow (message hygiene appliance reconfiguration for relay host)
Cleanup • Remove Public Folder replicas • Reassign Recipient Update Services to E2K7 servers • Delete existing routing group connectors • Removing existing servers • Use E2K/E2K3 setup or Control Panel -> Add/Remove Programs • Do NOT delete the administrative group that holds the public folder hierarchy
Drawing for book giveaway Did you get your business card to me?
Questions? Thanks for attending!
More information… Tips and Tricks for Secure Messaging eBook by Jim McBee http://nexus.realtimepublishers.com/ttgsm.htm My blog (Mostly Exchange) http://mostlyexchange.blogspot.com Paul Robichaux’s Exchange Security blog http://www.e2ksecurity.com/ Paul Robichaux’s Secure Messaging with Microsoft Exchange Server 2003 book (Microsoft Press, 2004) Exchange 2003 Support Home Page http://support.microsoft.com/default.aspx?scid=fh;EN-US;exch2003 Slipstick Systems http://www.slipstick.com Security for Exchange: Assessment, Auditing, and Hardening presentation slides http://preview.tinyurl.com/32m3dt
Your Feedback is Important Please fill out a session evaluation form and either put them in the basket near the exit or drop them off at the conference registration desk. You could win one of 10 subscriptions to TechNet Plus Direct: The essential resource for IT Professionals . Winners will be drawn and names will be posted Tuesday morning from Monday evals, Wednesday morning from Tuesday evals, and during closing session from Wendesday evals. Include your badge number on your session eval so we can figure out the winners! Thank you!