http://technet.microsoft.com/en-us/library/aa996719%28v=exchg.150%29.aspx
[Figure: Exchange 2010 architecture and Exchange 2013 architecture. Labels: Hardware Load Balancer; Layer 7 load balancing; Layer 4 load balancing; Client Access; Hub Transport, Unified Messaging; Mailbox; Mailbox (includes Hub Transport / Unified Msg); AuthN, Proxy, Re-direct; Protocols, API, Biz-logic; Assistants, Store, CI]

[Diagram: Clients; Internet-facing site (upgrade first) with autodiscover.contoso.com and mail.contoso.com; Intranet site; Exchange 2010 SP3 servers (E2010 CAS, E2010 HUB, E2010 MBX); E2013 CAS; E2013 MBX]
1. Prepare
   - Install Exchange 2010 SP3 across the ORG
   - Prepare AD with Exchange 2013 schema
   - Validate existing Client Access using Remote Connectivity Analyzer and test connectivity cmdlets
2. Deploy Exchange 2013 servers
   - Install both Exchange 2013 MBX and CAS servers
3. Obtain and deploy certificates
   - Obtain and deploy certificates on Exchange 2013 Client Access Servers
4. Switch primary namespace to Exchange 2013 CAS
   - Exchange 2013 fields all traffic, including traffic from Exchange 2010 users
   - Validate using Remote Connectivity Analyzer
5. Move Mailboxes
   - Build out DAG
   - Move Exchange 2010 users to Exchange 2013 MBX
6. Repeat for additional sites

[Diagram: Clients; Internet-facing site (upgrade first) with autodiscover.contoso.com, mail.contoso.com and legacy.contoso.com; Intranet site; Exchange 2007 SP3 + RU servers (E2007 SP3 CAS, E2007 SP3 HUB, E2007 SP3 MBX); E2013 CAS; E2013 MBX]
1. Prepare
   - Install Exchange 2007 SP3 + RU across the ORG
   - Prepare AD with Exchange 2013 schema and validate
2. Deploy Exchange 2013 servers
   - Install both Exchange 2013 MBX and CAS servers
3. Create legacy namespace
   - Create DNS record to point to legacy Exchange 2007 CAS
4. Obtain and Deploy Certificates
   - Obtain and deploy certificates on Exchange 2013 CAS servers configured with legacy namespace, Exchange 2013 namespace, and autodiscover namespace
   - Deploy certificates on Exchange 2007 CAS
5. Switch primary namespace to Exchange 2013 CAS
   - Validate using Remote Connectivity Analyzer
6. Move mailboxes
   - Build out DAG
   - Move Exchange 2007 users to Exchange 2013 MBX
7. Repeat for additional sites

Prepare (step 1)
- Install Exchange 2007 SP3 + coexistence RU using same steps as previous Exchange 2007 roll-ups
- Prepare Active Directory with Exchange 2013 schema
- Validate existing client access using Remote Connectivity Analyzer and test connectivity cmdlets
  http://www.exrca.com
MBX performs PowerShell commands
CAS is proxy only

Install
GUI or command line
In-place upgrades not supported
Updated to reflect Exchange 2013 roles
New required parameter for license terms acceptance
- Setup.exe /mode:install /roles:clientaccess
- Setup.exe /mode:install /roles:mailbox
- Setup.exe /mode:install /roles:ManagementTools
Other required parameter
- /IAcceptExchangeServerLicenseTerms

Create Legacy Namespace
Legacy.contoso.com
Used to access Exchange 2007 during coexistence
http://www.exrca.com
First notification shown 30 days prior to expiration
Subsequent notifications provided daily
Minimize the number of certificates
Minimize number of host names
Use split DNS for Exchange host names
- mail.contoso.com for Exchange connectivity on intranet and Internet
- mail.contoso.com has different IP addresses in intranet/Internet DNS
Don’t list machine host names in certificate host name list
Use load-balanced (LB) arrays for intranet and Internet access to servers
Use “Subject Alternative Name” (SAN) certificate
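
The naming guidance above can be checked mechanically. The following PowerShell is an added example, not part of the original slides or of any Microsoft tooling: Test-ExchangeCertNaming is a hypothetical helper, the sample certificates and the EX13CAS01 host name are constructed, and the property names CertificateDomains and NotAfter match what Get-ExchangeCertificate returns, so its output can be passed in instead.

```powershell
# Added example. Test-ExchangeCertNaming is a hypothetical helper, not a
# built-in cmdlet. Input objects need Thumbprint, CertificateDomains and
# NotAfter, the property names Get-ExchangeCertificate returns.
function Test-ExchangeCertNaming {
    param(
        [Parameter(Mandatory)] [object[]] $Certificate,
        # Namespaces from the slides; legacy.contoso.com applies only
        # during Exchange 2007 coexistence.
        [string[]] $AllowedName = @('mail.contoso.com',
                                    'autodiscover.contoso.com',
                                    'legacy.contoso.com'),
        [int] $WarnDays = 30,          # first notification window
        [datetime] $Now = (Get-Date)
    )
    foreach ($cert in $Certificate) {
        $names = @($cert.CertificateDomains |
                   ForEach-Object { "$_".ToLowerInvariant() })
        # Names outside the agreed namespaces, e.g. a machine host name
        $extra    = @($names | Where-Object { $_ -notin $AllowedName })
        # Namespaces the certificate fails to cover
        $missing  = @($AllowedName | Where-Object { $_ -notin $names })
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)
        [pscustomobject]@{
            Thumbprint      = $cert.Thumbprint
            UnexpectedNames = $extra -join ', '
            MissingNames    = $missing -join ', '
            DaysLeft        = $daysLeft
            ExpiresSoon     = $daysLeft -le $WarnDays
            NamesOk         = ($extra.Count + $missing.Count) -eq 0
        }
    }
}

# Constructed sample data; in production pass Get-ExchangeCertificate output.
$now = [datetime]'2013-06-01'
$sample = @(
    [pscustomobject]@{
        Thumbprint         = 'CONSTRUCTED-A'
        CertificateDomains = @('mail.contoso.com', 'autodiscover.contoso.com',
                               'legacy.contoso.com')
        NotAfter           = $now.AddDays(400) },
    [pscustomobject]@{
        Thumbprint         = 'CONSTRUCTED-B'
        CertificateDomains = @('mail.contoso.com', 'EX13CAS01.corp.contoso.com')
        NotAfter           = $now.AddDays(12) }
)
Test-ExchangeCertNaming -Certificate $sample -Now $now | Format-List
```

The second sample certificate is flagged on all three counts: it lists a machine host name, omits the autodiscover and legacy namespaces, and falls inside the 30-day window.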
Exchange 2007 Coexistence
[Diagram: Layer 4 LB; Layer 7 LB; E2013 CAS (IIS, HTTP Proxy); E2013 MBX (Protocol Head, DB); E2007 CAS (Protocol Head) and E2007 MBX (Store, DB) on each side of the Site Boundary; RPC; OWA; Cross-Site Redirect Request; Cross-Site Proxy Request; namespaces Legacy.contoso.com, mail.contoso.com, europe.mail.contoso.com]

| Protocol | Exchange 2007 user accessing Exchange 2010 namespace | Exchange 2007 user accessing Exchange 2013 namespace | Exchange 2010 user accessing Exchange 2013 namespace |
|---|---|---|---|
| Requires | Legacy namespace | Legacy namespace | No additional namespaces |
| OWA | Same AD site: silent or SSO FBA redirect; Externally facing AD site: manual or silent/SSO Cross-site redirect; Internally facing AD site: proxy | Non-silent redirect (not SSO) to CAS 2007 externally facing URL | Proxy to CAS 2010; Cross-site silent redirect (not SSO), which may redirect to CAS 2010 or CAS 2013 |
| EAS | EAS v12.1+: Autodiscover & redirect; Older EAS devices: proxy | Proxy to MBX 2013 | Proxy to CAS 2010 |
| Outlook Anywhere | Direct CAS 2010 support | Proxy to CAS 2007 | Proxy to CAS 2010 |
| Autodiscover | Direct CAS 2010 support | Redirect to CAS 2007 externally facing URL | Proxy to CAS 2010 |
| EWS | Autodiscover | Autodiscover | Proxy to CAS 2010 |
| POP/IMAP | Proxy | Proxy to CAS 2007 | Proxy to CAS 2010 |
| OAB | Direct CAS 2010 support | Proxy to CAS 2007 | Proxy to CAS 2010 |
| RPS | n/a | n/a | Proxy to CAS 2010 |
| ECP | n/a | n/a | Proxy to CAS 2010; Cross-site redirect, which may redirect to CAS 2010 or CAS 2013 |

Move Mail 6
• Hypervisors
• Exchange roles
• Storage
• Host-based clustering
• Migration
• Jetstress in guests
• Dynamic memory & memory overcommit
• Hypervisor snapshots
• Differencing/delta disks
• Apps on the root
• Significant processor
*** Second Session ***
Comprehensive protection
Next generation of Forefront Online Protection for Exchange (FOPE)
Enterprise class reliability
[Diagram: On-premises existing email environment; Exchange Online Protection; Directory Sync; ADFS (optional); Single sign on]
Bulk Mail control
Mark all bulk messages as spam
Block external threats quickly
Advanced fingerprinting technologies that identify and stop new spam and phishing vectors in real time.
Recommendation: Send suspected junk mail to the Outlook junk mail folder.
Spam quarantine managed by administrators.
Users can manage safe senders and block lists through Outlook.
Outlook Junk Mail Reporting Tool for missed spam
http://www.microsoft.com/en-us/download/details.aspx?id=18275
Send spam email as an attachment to [email protected]
Send false positive messages to [email protected]
Email is routed to EOP DC based on MX record resolution (Contoso-com.mail.protection.outlook.com)
[Diagram: mail flow through the EOP network to the corporate network. Labels: IP-based edge blocks; Envelope blocks; Virus Scanning; Multiple AV Engines; SPAM Protection; Safe Sender/Recipient; Policy Enforcement; Custom Rules; Content scanning and Heuristics; Bulk Mail filtering; SPF & Sender ID Filter; Quarantine; International Spam; Advanced SPAM management; Customer Feedback; False Positives and False Negatives; Spam Analysts; Corporate Network]
[Diagram: Corporate Network; EOP Network; Virus Scanning; Policy Enforcement; Custom Rules; SPAM Protection; Content scanning and Heuristics; Advanced SPAM management; Quarantine; Spam Analysts; High Risk Delivery Pool (High Score); Outbound Pool (Low Score)]
Built on Exchange transport rules engine
Conditions

| | EOP | FOPE |
|---|---|---|
| Administration Console | Console with similar look/feel to Exchange 2013 and Office 365 | Specific FOPE Console with different look/feel |
| Policy Rules | Flexible rules based on Exchange Transport Rules engine with attachment scanning | FOPE specific policy rules |
| RegEx | .NET RegEx Engine | Basic RegEx |
| Regional Routing | EU and US routing | US Only |
| Intelligent Routing | Criteria Based Routing | Virtual Domains |
| Reporting | Detailed online reports and downloadable Excel workbook | Online reports only |
| Spam management | Granular spam management including bulk mail and international spam blocking | Granular spam management |
| Malware | Multi-engine anti-malware scanning with attachment blocking | Multi-engine anti-malware scanning |
| Quarantine | Admin Only (at GA) | End-User and Admin Access |