Organizations
have become increasingly reliant on email as a primary method of
communication and, as such, the messaging system in most environments
has come to be considered a mission-critical application. Any messaging
downtime results in frustrated calls to the help desk. For most
organizations, gone are the days when the email system could be taken
offline during business hours for configuration changes.
To ensure the
dependability and reliability of any application, proper maintenance and
upkeep is vital, and Exchange Server 2010 is no exception. By
implementing and performing proper management and maintenance
procedures, administrators can minimize downtime and keep the system
well tuned.
Exchange Server 2010 improves
the health of the messaging system by introducing continuous online
defragmentation, compaction, and contiguity maintenance of the mailbox
database. This eliminates the need for routine offline database
maintenance, which dramatically reduces the need for planned downtime.
Proper Care and Feeding of Exchange Server 2010
This section is not about how to perform common, albeit necessary, management tasks such as using the interface to add
a database. Instead, it focuses on concepts such as identifying and
working with the server’s functional roles in the network environment,
auditing network activity and usage, and monitoring the health and
performance of your messaging system.
With each new
iteration of Exchange Server, Microsoft has greatly improved the tools
and utilities used to manage the environment. Exchange Server 2010 is no
exception. Exchange Server 2010 management can be done locally or
remotely, and because the management tools communicate with the server
over remote PowerShell (HTTP or HTTPS to the PowerShell virtual
directory on the Client Access server) rather than RPC, administration
can even be done through firewalls. There are three primary management
interfaces, the Exchange Management Console (EMC), the Exchange Control
Panel (ECP), and the Exchange Management Shell (EMS), as well as new
tools and utilities to assist administrators in the upkeep of their
environment.
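As an added illustration (not code from the book), the following shows how an administrator's workstation connects to an Exchange Server 2010 organization using only Windows PowerShell and remote PowerShell, with no Exchange Management Tools installed. The server name is hypothetical, and the session assumes the caller's account already holds an RBAC role assignment.

```powershell
# Added example, not from the book. The server FQDN is hypothetical; the caller must
# already be a member of a role group (for example Recipient Management).

$server = "ex01.contoso.com"   # hypothetical Client Access server

# Kerberos over HTTP to the PowerShell virtual directory. Because the transport is
# HTTP rather than RPC, a single well-known port is all a firewall has to pass.
# Inside the forest Kerberos authenticates the caller and WinRM encrypts the payload;
# for an Internet-facing connection use an https:// URI with -Authentication Basic
# against a trusted certificate instead, because Basic sends the password itself.
$session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri "http://$server/PowerShell/" `
    -Authentication Kerberos

# Import proxy cmdlets. Only the cmdlets and parameters the caller's RBAC roles
# permit are imported, so a help-desk account sees Get-Mailbox but not New-RoleGroup.
Import-PSSession $session

# Sanity checks: which roles does this account hold (directly or via role groups),
# and which server roles are deployed where?
Get-ManagementRoleAssignment -RoleAssignee $env:USERNAME |
    Select-Object Role, RoleAssigneeName, RoleAssigneeType
Get-ExchangeServer | Format-Table Name, ServerRole, Site -AutoSize

# Tear the session down when finished; an open session holds a runspace on the server.
Remove-PSSession $session
```

Running `Get-Command -Module` against the imported session after `Import-PSSession` is a quick way to see exactly which cmdlets RBAC exposed to the connecting account.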
Managing by Server Roles and Responsibilities
Key in Exchange Server 2010
is the concept of role-based deployment, allowing administrators to
deploy specific server roles to meet the requirements of their
environment. Exchange Server 2010 provides five distinct server roles:
Edge Transport, Hub Transport, Client Access, Mailbox, and Unified
Messaging.
The Edge Transport Server Role
The Edge Transport server
role is responsible for all email entering or leaving the Exchange
Server organization. To provide redundancy and load balancing, multiple
Edge Transport servers can be configured for an organization.
The Edge Transport role
is designed to be installed on a standalone server that resides in the
perimeter network. As such, it is the only Exchange server role designed
NOT to be a member of the Active Directory (AD) domain. Instead, the
Edge Transport server keeps its own copy of the recipient and
configuration data it needs in an Active Directory Lightweight Directory
Services (AD LDS) instance, the successor to Active Directory
Application Mode (ADAM), which a component called EdgeSync populates
one way from Active Directory via a Hub Transport server.
Edge Transport
servers can provide antispam and antivirus protection, as well as the
enforcement of Edge Transport rules based on Simple Mail Transfer
Protocol (SMTP) and Multipurpose Internet Mail Extensions (MIME)
addresses, particular words in the subject or message body, and a Spam
Confidence Level (SCL) rating. In addition, Edge Transport servers can
provide address rewriting—an administrator can modify the SMTP address
on incoming and outgoing messages.
It is possible for an
organization to avoid the use of an Edge Transport server completely and
simply configure a Hub Transport server to communicate directly with
the Internet. However, this scenario is not recommended because it
exposes a domain-joined server, with its Active Directory credentials
and full set of Exchange components, directly to external attack. The
Edge Transport server runs only the transport components, holds no
domain membership, and therefore presents a reduced attack surface to
these external threats.
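As an added example (not the book's own procedure), the following walks through subscribing an Edge Transport server to an AD site and then configuring the two Edge features described above, a transport rule keyed on SCL and an address rewrite entry, finishing with the checks an administrator would run to confirm EdgeSync is healthy. Server names, domains, file paths and the site name are hypothetical.

```powershell
# Added example, not from the book. All names, domains and paths are hypothetical.
# Part (a) runs in the Exchange Management Shell on the Edge Transport server;
# part (b) runs on a Hub Transport server in the AD site that will subscribe it.

# ---- (a) On the Edge Transport server (standalone, perimeter network) ----------

# Export the Edge Subscription file. It carries the credentials the Hub server will
# use against this server's AD LDS instance, so move it over a trusted channel and
# delete both copies after import (the file itself is only valid for 24 hours).
New-EdgeSubscription -FileName "C:\Temp\EdgeSubscription.xml"

# Edge Transport rule: drop anything the content filter scores above SCL 7.
# SCLOver is an Edge-only predicate in Exchange 2010; DeleteMessage discards the
# message silently, with no NDR to the (usually forged) sender.
New-TransportRule -Name "Drop SCL over 7" -SCLOver 7 -DeleteMessage $true

# Address rewriting: present the internal domain as the public one. OutboundOnly
# defaults to $false, so replies to the rewritten address are mapped back on the way in.
New-AddressRewriteEntry -Name "contoso.local to contoso.com" `
    -InternalAddress "contoso.local" -ExternalAddress "contoso.com"

# ---- (b) On a Hub Transport server in the subscribing AD site --------------------

# Import the subscription as a byte array. From this point EdgeSync pushes recipient
# and configuration data one way, from AD to the Edge server's AD LDS instance.
$bytes = [byte[]](Get-Content -Path "C:\Temp\EdgeSubscription.xml" -Encoding Byte -ReadCount 0)
New-EdgeSubscription -FileData $bytes -Site "Default-First-Site-Name"

# Force the first synchronization instead of waiting for the schedule, then verify.
Start-EdgeSynchronization
Test-EdgeSynchronization | Format-List Name, SyncStatus, LastSynchronizedUtc

# ---- Back on the Edge server: confirm what is actually in force --------------------
Get-TransportRule | Format-Table Name, State -AutoSize
Get-AddressRewriteEntry
(Get-ContentFilterConfig).Enabled   # the SCL rule is meaningless if this is $false
```

The last line is the check most often forgotten: the SCL-based rule only fires if the content filter agent on the Edge server is enabled and assigning SCL values in the first place.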
The Hub Transport Server Role
The Hub Transport
role is responsible for managing internal mail flow in an Exchange
Server organization and is installed on a member server in the AD
domain.
The
Hub Transport role handles all mail flow within the organization, as
well as applying transport rules, journaling policies, and delivery of
messages to recipient mailboxes. In addition, Hub Transport agents can
be deployed to enforce corporate messaging policies such as message
retention and the implementation of email disclaimers.
Hub Transport
servers accept inbound mail from the Edge Transport server(s) and route
them to user mailboxes. Outbound mail is relayed from the Hub Transport
server to the Edge Transport server and out to the Internet.
The Hub Transport
role can be installed on the same hardware with any other nonclustered
internal server role or as a dedicated Hub Transport server. It cannot
be installed on the same hardware as an Edge Transport server role.
Each AD site that contains a Mailbox server role must contain at least one Hub Transport server role.
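The following is an added example, not the book's code, of the two Hub Transport policies named above (an outbound disclaimer and a journaling rule) together with a script that checks the rule in the last sentence, that every AD site holding a Mailbox server also holds a Hub Transport server. Addresses, rule names and disclaimer text are hypothetical.

```powershell
# Added example, not from the book. Names, addresses and text are hypothetical.
# Run in the Exchange Management Shell on any Hub Transport server; transport and
# journal rules are stored in Active Directory and apply organization-wide.

# Outbound disclaimer. SentToScope NotInOrganization restricts it to mail leaving the
# organization. FallbackAction Wrap matters for signed or encrypted mail: a message
# that cannot be modified is wrapped in a new message carrying the disclaimer,
# rather than being rejected (Reject) or sent without it (Ignore).
New-TransportRule -Name "External disclaimer" `
    -SentToScope NotInOrganization `
    -ApplyHtmlDisclaimerLocation Append `
    -ApplyHtmlDisclaimerText "<p>This message is confidential and intended for the addressee only.</p>" `
    -ApplyHtmlDisclaimerFallbackAction Wrap

# Journaling policy: copy every message sent to or from the Finance group to a
# journaling mailbox. Scope Global includes mail exchanged with the Internet.
New-JournalRule -Name "Finance journaling" `
    -Recipient "finance@contoso.com" `
    -JournalEmailAddress "journal@contoso.com" `
    -Scope Global -Enabled $true

# Check: every AD site with a Mailbox server must also have a Hub Transport server,
# otherwise mail for those mailboxes has no local server to deliver it.
function Test-HubCoverage {
    $servers = Get-ExchangeServer | Where-Object { $_.Site -ne $null }
    foreach ($site in ($servers | Group-Object -Property Site)) {
        $roles      = $site.Group | ForEach-Object { $_.ServerRole.ToString() }
        $hasMailbox = [bool]($roles -match "Mailbox")
        $hasHub     = [bool]($roles -match "HubTransport")
        if ($hasMailbox -and -not $hasHub) {
            Write-Warning "Site $($site.Name) has a Mailbox server but no Hub Transport server"
        }
    }
}
Test-HubCoverage
```

Edge Transport servers show up in `Get-ExchangeServer` with no site once they are subscribed, which is why the coverage check filters on `Site` before grouping.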
The Client Access Server Role
The Client Access Server
(CAS) role is similar to the front-end server in Exchange Server
2000/2003. New to Exchange Server 2010 is that all clients communicate
through the CAS. This is different from Exchange Server 2007, where
Outlook clients using MAPI would access the Mailbox servers directly;
in Exchange Server 2010 those connections terminate at the RPC Client
Access service on the CAS instead. Now the CAS mediates all client
traffic, providing a single point of communication that can be
monitored to ensure consistent compliance and security across all types
of clients.
The Mailbox Server Role
The Mailbox role will
be the most familiar to administrators with previous Exchange Server
experience. As the name implies, the mailbox role is responsible for
housing mailbox databases which, in turn, contain user mailboxes. The
Mailbox server role also houses public folder databases if they are
implemented in the environment.
The Mailbox server
role integrates with the directory in the Active Directory service much
more effectively than previous versions of Exchange Server allowed,
making deployment and day-to-day operational tasks much easier to
complete. The Mailbox server role also provides users with improved
calendaring functionality, resource management, and Offline Address Book
downloads.
The Unified Messaging Server Role
The Unified Messaging
server role is responsible for integrating Office Communications
Server Voice over IP (VoIP) technology into the Exchange Server
messaging system. When implementing Unified Messaging with Exchange
Server 2010, users have access to voice, fax, and email messages all
in the same mailbox, and these messages can be accessed through
multiple client interfaces.
Managing by User Roles
Exchange Server
2010 introduces role-based access control (RBAC) to the Exchange Server
platform. This new permissions model applies to the Mailbox, Hub
Transport, Unified Messaging, and Client Access Server roles. RBAC
replaces the permission model used in Exchange Server 2007, which relied
on access control lists (ACLs) placed directly on Active Directory
objects. RBAC is not used on the Edge Transport role because Edge
Transport security is not integrated with the other roles; it is based
on membership in the server's local Administrators group.
The new
role-based model enables administrators to easily assign staff to one of
the predefined roles or to create a custom role that meets the
organization's unique requirements. The RBAC permissions model is used by
the Exchange Management Console (EMC), the Exchange Management Shell (EMS),
and the Exchange Control Panel (ECP).
There are eleven predefined administrative roles:
There are seven
predefined user roles that allow user self-administration. These allow
users to update things such as their phone number, address, and
mailbox settings through the web interface. The predefined user roles
are as follows:
My Distribution Groups
My Distribution Group Membership
My Profile Information
My Contact Information
My Base Options (Use PowerShell to set)
My Text Messaging (Use PowerShell to set)
My Voice Mail (Use PowerShell to set)
The administrative and
user predefined roles cannot be changed. However, new roles can be
created to define precise or broad roles and assignments based on the
tasks that need to be performed in a given organization. Custom roles
are created with New-ManagementRole in the Exchange Management Shell;
role group membership and the assignment policies that bind user roles
to mailboxes are then managed through the RBAC User Editor in the EMC
Toolbox (which opens the Exchange Control Panel) or with the
corresponding EMS cmdlets.
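The following added example (not the book's own code) ties the two halves of this section together: it builds a least-privilege custom administrative role and role group, then a restricted default assignment policy built from the predefined user roles listed above. The role, scope, group and user names and the OU path are hypothetical.

```powershell
# Added example, not from the book. Role, scope, group, user and OU names are
# hypothetical. Run in the Exchange Management Shell as a member of Organization
# Management.

# -- Administrative side: a least-privilege custom role ----------------------------

# 1. A custom role must derive from a built-in parent and can only hold a subset of
#    the parent's entries, so it can never grant more than "Mail Recipients" does.
New-ManagementRole -Name "Help Desk Mailbox Editors" -Parent "Mail Recipients"

# 2. Remove every cmdlet except read-only Get-* and Set-Mailbox.
Get-ManagementRoleEntry "Help Desk Mailbox Editors\*" |
    Where-Object { $_.Name -notlike "Get-*" -and $_.Name -ne "Set-Mailbox" } |
    ForEach-Object {
        Remove-ManagementRoleEntry -Identity "Help Desk Mailbox Editors\$($_.Name)" -Confirm:$false
    }

# 3. Trim Set-Mailbox to the parameters the help desk is allowed to change. Without
#    -AddParameter or -RemoveParameter, -Parameters replaces the entire list.
Set-ManagementRoleEntry -Identity "Help Desk Mailbox Editors\Set-Mailbox" `
    -Parameters Identity, DisplayName, Office, CustomAttribute1

# 4. Limit write access to mailboxes in one OU, then bind role, scope and members
#    in a role group. Read access still follows the role's default read scope.
New-ManagementScope -Name "Branch OU" -RecipientRoot "contoso.com/Branch" `
    -RecipientRestrictionFilter { RecipientType -eq "UserMailbox" }
New-RoleGroup -Name "Branch Help Desk" -Roles "Help Desk Mailbox Editors" `
    -CustomRecipientWriteScope "Branch OU" -Members "alice"

# -- End-user side: a restricted assignment policy ------------------------------

# Users receive MyBaseOptions (required for ECP options to work at all) and
# MyContactInformation, but not MyDistributionGroups, so they cannot create or own
# distribution groups. New mailboxes pick up the default policy; existing mailboxes
# keep their current policy until it is changed with Set-Mailbox -RoleAssignmentPolicy.
New-RoleAssignmentPolicy -Name "Standard Users" `
    -Roles MyBaseOptions, MyContactInformation -IsDefault

# -- Verify what was actually granted ----------------------------------------------
Get-ManagementRoleAssignment -RoleAssignee "Branch Help Desk" |
    Format-List Role, RecipientWriteScope, CustomRecipientWriteScope
Get-ManagementRoleEntry "Help Desk Mailbox Editors\*" |
    Format-Table Name, Parameters -AutoSize
Get-ManagementRoleAssignment -RoleAssignee "Standard Users" | Format-Table Role
```

The verification step is worth keeping as a routine audit: because role entries and scopes are stored in Active Directory, `Get-ManagementRoleEntry` and `Get-ManagementRoleAssignment` show the effective permission set regardless of which interface was used to configure it.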