Designing Exchange Infrastructure
After Active Directory and the physical OS have been chosen and deployed, the Exchange
infrastructure can be set up and optimized for the specific needs of the
organization. With these needs in mind, you can do several things to
optimize an Exchange 2007 setup, as detailed in the following sections.
Determining the Exchange Version
When installing Exchange, the choice of Exchange version needs to be made. As with
Windows Server 2003, there are two versions of Exchange, Standard and
Enterprise. The Standard Edition enables all Exchange 2007 functionality
except the following:
The advanced feature set of the Enterprise Edition is geared toward larger deployments. The
critical factor that pushes the midsize to large organizations to the
Enterprise Edition, however, is the 75GB database limit. Some
organizations require large mailbox sizes and could potentially require
multiple databases larger than 75GB. Because this functionality is
available only with the Enterprise Edition of the software, it must be
installed.
Caution
Because the Standard Edition of Exchange does not support databases larger than 75GB, keep
track of the size of the private database store, ensuring that it stays
well below the designated limit. The database will shut down if it
passes this limit, so it is critical to keep a watchful eye on database
size if using the Standard Edition.
In addition to the ability to house multiple databases and databases greater than 75GB, the
Enterprise Edition also allows for clustering support. For clustering to be
supported, the OS version must also be Windows Server 2003 Enterprise or
DataCenter Edition.
Determining Exchange Databases and Storage Groups Layout
As previously mentioned, the Enterprise Edition of Exchange enables the concept of
multiple databases, up to a maximum of 50. This enables a greater amount
of design freedom and gives administrators more flexibility. A maximum of 50 production
storage groups can be created, and each storage group can contain up to
five databases. This does not mean that a server can support 250
databases, however, as Exchange 2007 limits an administrator to 50 total
databases across all storage groups.
Outlining Exchange Recovery Options
Deploying Exchange requires considerable thought about backup and recovery
solutions. Because Exchange is a live, active database, special
considerations need to be taken into account when designing the backup
strategy for email.
Microsoft designed Exchange 2007 to use the backup application programming interfaces
(APIs) from Windows Server 2003. These APIs support the Volume Shadow
Copy Service, which enables Exchange databases to be backed up through
creation of a “shadow copy” of the entire disk at the beginning of the
backup. The shadow copy is then used for the backup, so that the
production disk is not affected.
Note
The Windows Server 2003 backup utility can be used to back up Exchange using the traditional
online backup approach. Volume Shadow Copy requires a third-party
solution that has been written to support the Windows Server 2003 backup
and restore APIs.
Exchange 2007 also includes support for the concept of a recovery storage group, which is
an additional storage group (available with either Standard or
Enterprise Exchange) and which can be used on a running server to
restore databases and mailboxes “on the fly.” This streamlines the
mailbox recovery process because restore servers are no longer a
necessity.
Considering Exchange Antivirus and Antispam Design
Viruses are a major problem for all organizations today. Email is especially vulnerable
because it is typically unauthenticated and insecure. Consequently,
design of an Exchange implementation should include consideration for
antivirus options.
Exchange 2007 enhances the Virus Scanning Application Programming Interface (VSAPI)
that was introduced in Exchange 2000 and improved in Exchange 2003. The
enhanced VSAPI engine enables quarantine of email messages, as opposed
to simply attachments, and enables virus scanning on gateway servers.
Third-party virus products can be written to tie directly into the new
VSAPI and use its functionality.
Spam, unsolicited email, has become another major headache for most organizations. In
response to this, Exchange 2007 has some built-in antispam functionality
that enables email messages to contain a spam rating. This helps
determine which emails are legitimate, and can be used by third-party
antispam products as well.
Monitoring Exchange
Email services are required in many organizations. The expectations of uptime
and reliability are increasing, and end users are beginning to expect
email to be as available as phone service. Therefore, the ability to
monitor Exchange events, alerts, and performance data is optimal.
Exchange 2007 is a complex organism with multiple components, each busy processing
tasks, writing to event logs, and running optimization routines. You can
monitor Exchange using one of several methods, the best being
System Center Operations Manager 2007 (previously named Microsoft
Operations Manager or MOM). SCOM 2007 is essentially a monitoring,
alerting, and reporting product that gathers event information and
performance data, and generates reports about Microsoft servers. An
Exchange-specific management pack for SCOM contains hundreds of
prepackaged counters and events for Exchange 2007. Use of the management
pack is ideal in midsize and larger environments to proactively monitor
Exchange.
Although close monitoring of multiple Exchange servers is best supported through the
use of SCOM, this might not be the ideal approach for smaller
organizations because SCOM is geared toward medium and large
organizations. Exchange monitoring for small organizations can be
accomplished through old-fashioned approaches, such as manual reviews of
event log information, performance counters using perfmon, and simple
Simple Network Management Protocol (SNMP) utilities to monitor uptime.
Integrating Client Access into Exchange Server 2007 Design
Although the Exchange server is a powerful systems component, it is only half the equation for
an email platform. The client systems comprise the other half, and are a
necessary ingredient that should be carefully determined in advance.
Outlining Client Access Methods
Great effort has been put into optimizing and streamlining the client access approaches available
in Exchange 2007. Not only have traditional approaches such as the
Outlook client been enhanced, but support for nontraditional access with
POP3 and IMAP clients is also available. The following options exist
for client access with Exchange 2007:
Outlook MAPI— The full Outlook client has been streamlined and enhanced. MAPI
communications with Exchange 2007 systems have been compressed, and the
addition of slow-link detection enables speedy mail retrieval for remote
users. Outlook versions that support access to Exchange 2007 servers
are limited to the 2002, 2003, and 2007 versions of Outlook.
Outlook Web Access (OWA)— The Outlook Web Access (OWA) client is now nearly indistinguishable
from the full Outlook client. The one major component missing is offline
capability, but nearly every other Outlook functionality is part of
OWA.
ActiveSync— ActiveSync
provides for synchronized access to email from a handheld device, such
as a Pocket PC or other Windows Mobile device. It allows for real-time
send and receive functionality to and from the handheld, through the use
of push technology.
Outlook Anywhere— Outlook Anywhere (previously known as RPC over HTTP) is a method by
which a full Outlook client can dynamically send and receive messages
directly from an Exchange server over an HTTP or Hypertext Transfer
Protocol Secure (HTTPS) web connection. This allows for virtual private
network (VPN)–free access to Exchange data, over a secured HTTPS
connection.
Post Office Protocol 3 (POP3)— The Post Office Protocol 3 (POP3) is a legacy protocol that is
supported in Exchange 2007. POP3 enables simple retrieval of mail data
via applications that use the POP3 protocol. Mail messages, however,
cannot be sent with POP3 and must use the SMTP engine in Exchange. By
default, POP3 is not turned on and must be explicitly activated.
Internet Message Access Protocol (IMAP)— Legacy Interactive Mail Access Protocol (IMAP) access to Exchange is
also available, which can enable an Exchange server to be accessed via
IMAP applications, such as some UNIX mail clients. As with the POP3
protocol, IMAP support must be explicitly turned on.
Note
Exchange 2007 supports the option of disallowing MAPI access or allowing only specific Outlook
clients MAPI access. This can be configured if an organization desires
only OWA access to an Exchange server. It can also, for security
reasons, stipulate that only Outlook 2007 and Outlook 2003 can access
the Exchange server. The Registry key required for this functionality is
the following:
Location: HKLM\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
Value Name: Disable MAPI Clients
Data Type: REG_SZ
String: Version # (i.e. v4, v5, etc)
See Microsoft TechNet Article 288894 for more information:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;288894
Each organization will have individual needs that determine which client or set of clients
will be supported. In general, the full Outlook client offers the
richest messaging experience with Exchange 2007, but many of the other
access mechanisms, such as Outlook Web Access, are also valid. The
important design consideration is identifying what will be supported,
and then enabling support for that client or protocol. Any methods that
will not be supported should be disabled or left turned off for security
reasons.
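One way to check that unsupported access methods really are off, as an added example that is not part of the original text: a read-only audit for the Exchange Management Shell on an Exchange 2007 server. The service names and Get-CASMailbox properties are Exchange's own rather than taken from this page, and $Supported and $RequireMapiVersionBlock are hypothetical policy settings to edit.

```powershell
# Added example: read-only audit of client access methods against a support policy.
# Assumes the Exchange Management Shell on an Exchange 2007 server.
# $Supported is a hypothetical policy table; edit it to match your own design decision.
$Supported = @{ MAPI = $true; OWA = $true; ActiveSync = $true; POP3 = $false; IMAP = $false }
$RequireMapiVersionBlock = $true   # hypothetical flag: policy restricts Outlook versions

$findings = @()

# 1. Protocol services. POP3 and IMAP are off by default, so a running service
#    for an unsupported protocol means someone turned it on.
$services = @{ POP3 = 'MSExchangePOP3'; IMAP = 'MSExchangeIMAP4' }
foreach ($proto in $services.Keys) {
    $svc = Get-Service -Name $services[$proto] -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -eq 'Running' -and -not $Supported[$proto]) {
        $findings += "$proto service '$($svc.Name)' is running but $proto is unsupported"
    }
}

# 2. MAPI client version restriction (the registry value from the Note above).
#    Report only: the script never writes the value.
$key = 'HKLM:\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem'
$reg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$blocked = $null
if ($reg) { $blocked = $reg.'Disable MAPI Clients' }
if ($RequireMapiVersionBlock -and -not $blocked) {
    $findings += "'Disable MAPI Clients' is not set; no Outlook version is being refused"
}

# 3. Per-mailbox protocol flags. These are separate from the service state, so
#    they are checked as well.
$flags = @{ MAPI = 'MAPIEnabled'; OWA = 'OWAEnabled'; ActiveSync = 'ActiveSyncEnabled'
            POP3 = 'PopEnabled'; IMAP = 'ImapEnabled' }
$mailboxes = @(Get-CASMailbox -ResultSize Unlimited)
foreach ($proto in $flags.Keys) {
    if ($Supported[$proto]) { continue }
    $flag = $flags[$proto]
    $count = @($mailboxes | Where-Object { $_.$flag }).Count
    if ($count -gt 0) {
        $findings += "$count mailbox(es) have $flag set although $proto is unsupported"
    }
}

if ($findings.Count -eq 0) { 'Client access configuration matches the support policy.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Each finding is a place where the running configuration is more permissive than the documented design; the script changes nothing, so it can be scheduled and its output reviewed alongside the event logs.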