With Exchange Server 5.5 and earlier, deploying
Exchange Server in your organization was much like deploying any other
application. Planning was important, but the actual installation was
typical. With Exchange 2000 Server, there was a dramatic change with
tighter integration between the messaging platform (Exchange 2000
Server) and the server operating system (Microsoft Windows 2000 Server).
Deployment of Exchange was dependent on your Windows 2000 Server
infrastructure, and you couldn’t effectively manage Exchange 2000 Server
without dealing with Windows 2000 Server and Active Directory. Exchange
Server 2003 builds on this concept. As a result, you must be acutely
aware of how Active Directory and Domain Name System (DNS) work, and how
Exchange Server 2003 utilizes the services of the server operating
system. Also, since you can install Exchange Server 2003 on a computer
running Windows 2000 Server (with SP3 or later) or Windows Server 2003,
you must be aware of how the version of Windows you are running will
affect what functionality is available.
Supported Combinations of Exchange and Windows Server
Depending on your
organization, you might have a number of server configurations that
affect how you will deploy Exchange Server 2003. The following list
shows the different combinations of Exchange versions and Microsoft
Windows versions that are supported:
Exchange Server 5.5
Windows NT 4 Server, Windows 2000 Server (any service pack)
Not Active Directory-aware but can replicate data to and from Active Directory with the Active Directory Connector (ADC).
Exchange 2000 Server
Exchange Server 2003
Tip
Because
the only version of Exchange Server that will run on Windows Server
2003 is Exchange Server 2003, you will need to upgrade your Exchange
environment to Exchange Server 2003 prior to upgrading the Windows
Server operating system to Windows Server 2003. |
It is worth noting that
when deploying Exchange Server 2003, Windows 2000 Server with SP3 or
later and Windows Server 2003 are not equal. To take full advantage of
the functionality of Exchange Server 2003, you must run it on a Windows
Server 2003 server. In fact, complete functionality requires Windows
Server 2003, Enterprise Edition. The following list identifies features
of Exchange Server 2003 that are supported when installed on a server
running Windows Server 2003 but that are not supported on Windows 2000
Server:
Mount points overcome the 24-drive letter limitation of previous versions of Windows.
Volume Shadow Copy service for database backup (requires Windows Volume Shadow Copy service backup application vendor).
Internet Protocol Security (IPSec) support for front-end and back-end clusters.
Cross-forest
Kerberos authentication with Microsoft Outlook 2003 (requires Microsoft
Metadirectory Services 2003 and Outlook 2003).
Internet Information Server (IIS) 6 enhanced security and dedicated application mode.
Hypertext Transfer Protocol (HTTP) access from Outlook 2003.
Real-time collaboration (requires Real-Time Collaboration service).
Microsoft
SharePoint Portal Server Web Parts (requires SharePoint Portal Server,
Microsoft Windows SharePoint Services, or both).
The
following list identifies functions that are available only when
running Exchange Server 2003 on Windows Server 2003, Enterprise Edition:
Hardware Requirements
There are several
factors that affect the hardware requirements for Exchange Server 2003:
the number of users that will be accessing the server; the size and
number of messages transferred on a daily basis (not to mention during
peak usage periods); availability requirements; and so on. These factors
will have a significant influence on the type of hardware you use for
your deployment. However, Table 1 contains some minimum hardware requirements.
Table 1. Minimum Hardware Requirements for Exchange Server 2003
| Component | Minimum requirements |
|---|
| Processor | Pentium 133 |
| Operating system | Windows 2000 Server + SP3 |
| Memory | 256 megabyte (MB) |
| Disk space | 200 MB on system drive, 500 MB on partition where Exchange Server 2003 is installed |
| Drive | CD-ROM drive |
| Display | VGA or better |
| File system | All partitions involving Exchange Server 2003 must be NTFS file system (NTFS), including |
| | System partition Partition storing Exchange binaries Partition containing Exchange database files Partition containing Exchange transaction logs Partitions containing other Exchange files
|
While Table 1
contains the minimum requirements to install Exchange Server 2003, that
configuration is sufficient for only the smallest of Exchange
environments supporting only a handful of users, or for testing in a
lab. In most cases, the Microsoft-recommended requirements for Exchange
Server 2003 in Table 2
are a more reasonable starting point. However, remember that this is
only a starting point; your organization’s specific needs will dictate
your system requirements.
Table 2. Recommended Hardware Requirements for Exchange Server 2003
| Component | Recommended requirements |
|---|
| Processor | Pentium III 500 (Exchange Server 2003, Standard Edition) |
| | Pentium III 733 (Exchange Server 2003, Enterprise Edition) |
| Operating system | Windows Server 2003 |
| Memory | 512 MB |
| Disk space | 200
MB on system drive, 500 MB on partition where Exchange Server 2003 is
installed. Separate physical disks for the Exchange binaries, database
files, and transaction logs. |
| Drive | CD-ROM drive |
| Display | SVGA or better |
| File system | All partitions involving Exchange must be NTFS, including
System partition Partition storing Exchange binaries Partition containing Exchange database files Partition containing Exchange transaction logs Partitions containing other Exchange files
|
Tip
Installing
Exchange Server 2003 on an existing server will increase the burden on
that server. You should use System Monitor to establish a performance
baseline for your server prior to installing Exchange Server 2003 to
determine if the server hardware is adequate to support Exchange and
also so you can later determine the effect that the Exchange Server 2003
installation has had on your server’s overall performance. |
Creating a Service Account
Another
consideration when installing Exchange Server 2003 is the creation of a
dedicated service account. One reason for using a dedicated service
account is related to security auditing. When you run services under the
Administrator or System account, it is more difficult to tell by
viewing the Security log in the Event Viewer whether an entry is being
generated by a user actively performing a task as the administrator or a
service performing a task unattended. With a service account, you can
see specifically what is being done by the Exchange services. Also, you
can quickly identify situations where someone might be trying to log on
interactively with the service account to gain administrative
permissions to the domain.
Table 3
shows the permissions that are required of a user account in order to
perform the installation-related tasks. With all the permissions
required to deploy Exchange Server 2003 successfully, it is clear that
the security account Exchange services run under is quite powerful.
Table 3. Permissions and Roles Required to Perform Exchange Installation Tasks
| Task | Required permissions or roles |
|---|
| Run ForestPrep for the first time in a forest (this updates the schema) | Member of the Schema Admins and Enterprise Admins groups |
| Run ForestPrep (other than the first time) | Exchange Full Administrator permissions at the Exchange organization level |
| Run DomainPrep | Member of the Domain Admins group in the target domain |
| Install the first server in a domain | Exchange Full Administrator permissions at the Exchange organization level |
| Install additional servers in a domain | Exchange Full Administrator permissions at the administrative group level |
| | Machine account added to the Exchange Domain Servers group |
| Install a server with the Site Replication Service (SRS) enabled | Exchange Full Administrator permissions at the Exchange organization level |
When creating a service
account, you will want to select the User Cannot Change Password option.
This is a security precaution that prevents a malicious user from
logging on interactively with the service and attempting to seize the
account by changing the password. It also has the effect of requiring
password changes to be made by an administrator through the Active
Directory Users And Computers console. Another option to choose is
Password Never Expires. You don’t want the service account to be subject
to the domain password policy, which usually requires passwords to be
changed on a periodic basis. Any password change to the service account
must be carefully planned. Since the account is not being used to log on
to a server interactively, you won’t receive a warning telling you the
password will expire in so many days.
Installing Windows Services Required by Exchange Server 2003
Prior to installing
Exchange Server 2003, there are certain Windows Server 2003 components
that must be enabled on the server because of the level of integration
Exchange has with Active Directory and the Windows operating systems.
For Setup to complete successfully, you must have the following services
installed and enabled on your server:
The configuration will
vary depending on whether your server platform is Windows 2000 Server
or Windows Server 2003. If you are installing Exchange Server 2003 onto a
server running Windows 2000 Server, Setup automatically installs and
enables the .NET Framework and ASP.NET services. This is because these
services were not available when Windows 2000 Server was released. Since
Windows Server 2003 has the .NET Framework built into the operating
system and has ASP.NET available through the Add/Remove Windows
Components Wizard, the Microsoft Exchange Installation Wizard will not
install these components on that platform. Instead, you must manually
enable these components on Windows Server 2003.
With Windows 2000 Server,
the World Wide Web service and SMTP service were automatically installed
and enabled as part of a default installation of the operating system.
By default in Windows Server 2003, these services are not installed. So,
if you are installing Exchange Server 2003 onto a system running
Windows 2000 Server, it is likely that the only service you will need to
add is the NNTP service. With Windows Server 2003, none of the
above-mentioned services are installed and enabled, so you must add all
of them.
Practice: Preparing for Installation
In this practice, you will
first create a service account that you will use later to install
Exchange Server 2003, and then you will configure the required Windows
Server 2003 server components to support the Exchange Server 2003
installation.
Exercise 1: Create a Service Account
1. | Log on to your Windows Server 2003 system as an administrator.
|
2. | From the Start menu, point to Administrative Tools, and then select the Active Directory Users And Computers console.
|
3. | Expand
the appropriate domain on the left side and right-click the Users
container. Point to New on the shortcut menu, and then click User.
|
4. | Provide the required information, entering svc_xch as the name of the service account. Click Next to continue.
|
5. | Create
a strong password, with a minimum of seven characters and meeting the
complexity requirements required by Windows Server 2003. Configure the
account password so that it will never expire, and so that it can’t be
changed by the user. Click Next to continue, and then click Finish.
Security Alert Strong
passwords are required by default in Windows Server 2003, which is a
change from previous versions of Windows. Best practices are to have a
password of at least seven characters and which contains a combination
of uppercase and lowercase letters, numbers, and special characters. |
|
6. | Double-click
the new user account that you just created and go to the Member Of tab.
Click Add, and add this account to the following groups:
Schema Admins Enterprise Admins Domain Admins
|
7. | Click OK, and then click OK again to finish.
|
Exercise 2: Install Windows Components Required by Exchange Server 2003
1. | From the Start menu, point to Settings, and then click Control Panel. Next, click Add Or Remove Programs.
|
2. | Click Add Or Remove Windows Components to start the Windows Components Wizard.
|
3. | Click the Application Server component, and then click Details.
|
4. | Select the check box for ASP.NET and click OK.
|
5. | Scroll down to Internet Information Services (IIS) and click Details.
|
6. | Select the check boxes to select the following components:
NNTP service SMTP service World Wide Web service
|
7. | Click
OK to return to the Application Server components, and then click OK
again to return to the main Windows Components Wizard page.
|
8. | Complete the wizard to install the components.
|
ASP is a component of
IIS, and is installed by default when you install the World Wide Web
Service. However, you must enable ASP in the Internet Information
Services console even though it is installed. To do this, perform the
following steps:
1. | Start
and select All Programs, and then go into Administrative Tools and
start the Internet Information Services (IIS) Manager console.
|
2. | When the console opens, expand the local computer (if it isn’t already), and then select Web Service Extensions.
|
3. | Select ASP (which will have the version of the extensions in parenthesis), and then click Allow, as shown in Figure 1.
|
