Presentation is loading. Please wait.

Presentation is loading. Please wait.

Envision: Establish a project vision, define & analyze requirements, and develop a solution architecture & high level design Plan: Develop the.

Similar presentations


Presentation on theme: "Envision: Establish a project vision, define & analyze requirements, and develop a solution architecture & high level design Plan: Develop the."— Presentation transcript:

1

2

3

4

5

6 Envision: Establish a project vision, define & analyze requirements, and develop a solution architecture & high level design Plan: Develop the detailed design and create the functional specification Build: Test environment build, validation of solution, develop the detailed build guide. Stabilize: Production pilot to remediate any issues and establish approved processes before full deployment. Deploy: Complete the overall deployment and transition to day to day operations.

7 E2010 HUB Internet facing site autodiscover.contoso.com mail.contoso.com E2010 CAS E2010 MBX Non-Internet facing site Intranet site E2010 Servers

8 autodiscover.contoso.com mail.contoso.com Non-Internet facing site Intranet site E2010 Servers E2010 HUB Internet facing site E2010 CAS E2010 MBX E2013 CAS E2013 MBX E2013 CAS

9 Speaker: Boris Lokhvitsky Date: Wednesday, April 2 Time: 10:15 AM - 11:30 AM Room: L4: Ballroom G Session Type: Interactive Session Code: ARC.IN.302

10

11 Don’t mount that horse just yet, cowboy! Have you gathered your tools yet? Exchange Server Deployment Assistant Exchange Best Practices Analyzer Remote Connectivity Analyzer (aka ExRCA) Where does he get such wonderful toys? –Joker “ ”

12 Current Exchange 2013 & Cloud Scenarios  On-premises deployments  New installation of Exchange Server 2013  Upgrade from Exchange 2007 or 2010 to Exchange 2013  Upgrade from mixed Exchange 2007 and Exchange 2010 to Exchange 2013  Hybrid deployments (On-premises + Office 365)  Exchange 2013 on-premises with Exchange Online  Cloud-only Scenarios  Exchange Cut-over  Exchange Staged  Exchange IMAP  Third-party IMAP Access it here: Future Scenarios  Multi-forest

13

14 Best Practices Analyzer - Date: Tuesday, April 1 Time: 1:30 PM - 2:45 PM Room: MR 11a Session Type: Interactive Session Code: MNG.IN.201 Next Generation Session Speaker: Mark Heneen

15 Start healthy! Are we even working today? Autodiscover ActiveSync Exchange Web Services Outlook Anywhere Inbound/Outbound SMTP POP/IMAP Run it here: Download the MSI to run locally!

16 Server Profile Analyzer (For Exchange 2007 migrations only) Exchange 2013 Server Role Requirements Calculator Plan it the right way - Date: Tuesday, April 1 Time: 1:30 PM - 2:45 PM Room: Ballroom E Session Type: Breakout Session Code: ARC.308 Exchange Server 2013 sizing scenarios Session Wizard: Jeff Mealiffe Tame the beast - Date: Wednesday, April 2 Time: 1:00 PM - 2:15 PM Room: MR 11a Session Type: Interactive Session Code: ARC.IN.305 Exchange server calculator tips and tricks Session Speaker: Brian Day Also touching on: MessageStats.ps1 GetLogFileUsage.ps1 Processor Query Tool

17 LoadGen JetStress How to uncover the secrets of Disk Latency Date: Wednesday, April 2 Time: 4:45 PM – 6:00 PM Room: MR 19ab Session Type: Breakout Session Code: MNG.302 Session Speaker: Alessandro Goncalves Jetstress Notes From the Field Date: Tuesday, April 1 Time: 3:00 PM - 4:15 PM Room: MR 19ab Session Type: Breakout Session Code: DMI.314 Session Speaker: Neil Johnson

18 Client network connectivity bandwidth calculator v2 Exchange Client Network Bandwidth calculator v2 Date: Wednesday, April 2 Time: 2:45 PM – 4:00 PM Room: MR 19ab Session Type: Breakout Session Code: DMI.303 Session Speaker: Neil Johnson

19

20 Preparing for Exchange Server 2013 Active Directory Minimum Requirements At least one Windows Server 2003 SP2 or higher* Global Catalog in each AD site with Exchange installed * Use of Windows Server 2012 R2 requires a supported Exchange version At least one writable Domain Controller in each AD site with Exchange Servers installed AD Forest Functional Level must be Windows Server 2003 or higher For the latest information see:

21 Preparing for Exchange Server 2013 Operating Systems Prerequisites for Exchange Installs Windows Server 2008 R2 SP1 64-bit Standard or Enterprise editions Standard edition ok for CAS-only & non-DAG MBX Enterprise edition necessary for DAG joined MBX Windows Server 2012 or 2012 R2 64-bit Standard or Datacenter editions 2012 R2 is only supported with 2013 Service Pack 1 or later.NET framework 4.5 (4.5.1 strongly recommended, may even be come a requirement) Windows Management Framework 3.0 Unified Communications Managed API (UCMA) 4.0 Other expected OS roles/features (IIS etc…)

22 Preparing for Exchange Server 2013 Recent Windows Server 2012 R2 Support Updates 2013 SP1 or later2013 CU3 or earlier 2010 SP3 RU5 or later 2007 SP3 RU13 or later Install on 2012 R R2 DCs and a 2012 or lower DFL/FFL 2012 R2 DCs and a 2012 R2 DFL/FFL

23 Preparing for Exchange Server 2013 Outlook Recommendations Office 365 ProPlus – Current bits Outlook 2013– SP1 & latest public update recommended Outlook 2010– SP2 & latest public update recommended Outlook 2007– SP3 & latest public update recommended Outlook 2003– Not supported WebDAV based clients must be upgraded to Exchange Web Services compatible versions: Outlook for Mac 2011 or Entourage 2008 for Mac Web Services Edition Browser recommendations (not minimums) Internet Explorer: IE11 or IE10 Firefox: Latest or N-1 Chrome: Latest or N-1 Safari: Latest or N-1

24 Extended Support Expires April 8 th 2014 Exchange 2013 cannot coexist with 2003 Support Expires April 8 th 2014 Upgrade to Service Pack 3

25 Preparing for Exchange Server 2013 Ready the existing Exchange organization Patch existing Exchange servers to… Exchange 2010 SP3 RU5 or later recommended Exchange 2007 SP3 RU13 or later recommended This includes Edge Transport servers Extend the AD schema for Exchange Server 2013 setup /PrepareSchema Prepare the Exchange organization and local domain for Exchange Server 2013 setup /PrepareAD Prepare any remaining domains that will have mail enabled objects, Exchange servers, or Global Catalog servers Exchange will utilize Local domain setup /PrepareDomain Remote domains one at a time setup /PrepareDomain:FQDN.of.domain Or do them all at once setup /PrepareAllDomains

26 Preparing for Exchange Server 2013 An OAB modification before installing the first Exchange 2013 servers. Exchange 2013 creates a new default OAB for the org. Avoid clients downloading the new default OAB by specifying the existing OAB on all legacy DBs prior to installing Exchange 2013 [PS] C:\>Get-OfflineAddressBook | FT Name,IsDefault,ExchangeVersion -AutoSize Name ---- Default Offline Address Book Default Offline Address Book (Ex2013) True 0.20 ( ) False 0.1 ( ) IsDefault Exchange Version [PS] C:\Windows\system32>Get-MailboxDatabase | FT NAME, *offline*,exchangeversion -AutoSize Name ---- Mailbox Database ( ) Exchange Version OfflineAddressBook \Default Offline Address Book

27

28 Exchange Server 2013 SP1 Setup Install both MBX and CAS Servers CAS is auth/proxy only MBX executes the PowerShell commands Use the latest CU package No more SP then RU install Exchange 2013 Setup GUI or command line Updated to reflect Exchange 2013 roles Command line parameters New required parameter for license terms acceptance After the Fact You cannot remove individual roles in Exchange 2013 Setup.exe /mode:install /roles:c,m,mt /IAcceptExchangeServerLicenseTerms

29 Exchange Server 2013 Setup

30 [PS] C:\>Get-ClientAccessServer | Sort-Object WhenCreated | FT Identity,WhenCreated,*SiteScope,*uri -AutoSize Identity WhenCreated CON-E2K7-001 CON-E2K CON-E2K CON-E2K CON-E2K CON-E2K AutoDiscoverSiteScope AutodiscoverServiceInternalUri /7/2014 1:21:15 PM {Boston} https://bos.mail.corp.contoso.com/Autodiscover/Autodiscover.xml 1/8/2014 5:27:49 PM {Boston} https://bos.mail.corp.contoso.com/Autodiscover/Autodiscover.xml 1/16/2014 3:21:32 PM {Boston} https://bos.mail.corp.contoso.com/Autodiscover/Autodiscover.xml 1/16/2014 8:41:46 PM {Seattle} https://autodiscover.corp.contoso.com/Autodiscover/Autodiscover.xml 1/16/2014 9:22:43 PM {Seattle} https://autodiscover.corp.contoso.com/Autodiscover/Autodiscover.xml 1/17/ :21:35 AM {Boston} https://bos.mail.corp.contoso.com/Autodiscover/Autodiscover.xml

31 E2010 HUB Austin AD Site E2010 HUB E2010 MBX E2010 HUB Boston AD Site E2013 CAS E2010 HUB E2013 MBX E2010 MBX Cross-site mail flow… so many paths… so many options. Ooohhhh lookie some new 2013 boxes! More options!

32

33 Certificates End to end certificate wizard in the Exchange Administration Center (EAC) Export and import with private key to all other CAS right from the UI Assign services right from the UI EAC notifications when a certificate is about to expire First notification will be shown 30 days prior to expiration Subsequent notifications will be provided every 24 hours

34 Certificates - Best Practices Minimize the number of certificates A unified namespace means the same cert should be used on all CAS in the site resilient datacenter pair Use a “Subject Alternative Name” (SAN) certificate Minimize number of hostnames Use “Split DNS” for Exchange hostnames if using the same auth type inside and out This is not a requirement, some customers may have unique environments where different names would be helpful. Don’t list machine hostnames in certificate hostname list* *The UM service may be your exception to this rule due to telephony systems having to talk direct to it, but you can easily use an internally issued certificate here. Use Load Balanced (LB) CAS arrays for intranet and Internet access to servers

35 Certificates - Best Practices Did your Outlook Providers look like this previously when using a wildcard cert? Name CertPrincipalName EXCH EXPR msstd:*.contoso.com WEB Outlook Anywhere settings are now dynamically generated off of both the EXCH and EXPR Outlook Providers for separate internal and external settings for clients to utilize. As a result of this update both of the EXCH and EXPR Outlook providers must be wildcard ready in order to use a wildcard certificate. Name CertPrincipalName EXCH msstd:*.contoso.com EXPR msstd:*.contoso.com WEB Using a wildcard certificate

36

37

38 autodiscover.contoso.com mail.contoso.com Non-Internet facing site Intranet site E2010 Servers E2010 HUB Internet facing site E2010 CAS E2010 MBX E2013 CAS E2013 MBX E2013 CAS

39 Legacy URL considerations for the following OWA EWS OAB

40 Switching to CAS 2013 Drop TTL of any DNS records you will be changing in advance Re-test via Remote Connectivity Analyzer one last time Reconfigure Virtual Directory Settings of Legacy Systems if necessary Reconfigure Outlook Anywhere on Legacy Systems if necessary Move systems into the production AD sites if necessary Update Publishing methods (Load Balancer, Reverse Proxy, etc…) if necessary Update DNS records Test via Remote Connectivity Analyzer once DNS updates propagate

41 You did this in your lab already, right?

42 Script it as much as you can. Prepare your virtual directory change scripts in advance. Huemans ah errar prone. Prepare a back-out script just…. in…. case.

43 Intranet facing siteInternet facing site E2007/ E2010 CAS E2013 CAS E2013 MBX 2007/ E2010 MBX E2007/ E2010 CAS E2007/ E2010 MBX Switching to CAS 2013 Outlook Anywhere Layer 4 LB Layer 7 LB mail.contoso.com HTTP PROXY RPC/HTTP OA Enabled HTTP PROX Y 1. Enable Outlook Anywhere on all legacy CAS Utilize the ‘mail.contoso.com’ namespace for all CAS so traffic flows through 2013 in all cases. 2. IIS Authentication Methods IIS Auth must have NTLM enabled on all legacy CAS RPC Client Auth: Basic IIS Auth: Basic NTLM RPC 3. DNS Cutover if an IP change takes place Use a low TTL on the existing records a few days in advance of the cutover. OA Enabled Client Auth: Basic IIS Auth: NTLM OA Client Auth: IIS Auth: Disabled Enabled NTLM Basi c

44 Outlook Connectivity: Current and Future Date: Wednesday, April 2 Time: 10:15 AM – 11:30 AM Room: Ballroom F Session Type: Breakout Session Code: USX.207 Session Speakers: Venkat Ayyadevara Rafiq El Alami, and Guy Groeneveld

45 Publishing Exchange – Which TLA Should You Choose? Date: Tuesday, April 1 Time: 3:30 PM – 4:15 PM Room: Ballroom F Session Type: Breakout Session Code: ARC.202 Session Speaker: Greg Taylor WAP and ARR – TMG Alternatives? Date: Wednesday, April 2 Time: 8:30 AM – 9:45 AM Room: MR 18bc Session Type: Breakout Session Code: USX.305 Session Speakers: Georg Hinterhofer, Roop Sankar

46

47 Edge Setup on Exchange 2013 SP1 One pre-req Active Directory Lightweight Directory Services (ADLDS) Windows PowerShell Copyright (C) 2013 Microsoft Corporation. All rights reserved. PS C:\Users\Administrator> Install-WindowsFeature ADLDS Success Restart Needed Exit Code TrueNo Success Feature Result {Active Directory Lightweight Directory Se... WARNING: To create a new AD LDS instance on server, log on to the destination server and then run the Active Directory Lightweight Directory Services Setup Wizard. For more information, see PS C:\Users\Administrator> Go no further! Only install the ADLDS feature, Edge will take care of the rest during install.

48 Edge Setup on Exchange 2013 SP1 The ‘other’ pre-req you may hit Make sure your machine has a FQDN if it is not joined to a management domain. Performing Microsoft Exchange Server Prerequisite Check Configuring Prerequisites Prerequisite Analysis COMPLETED FAILED The fully qualified domain name of the computer is missing or empty. Setup cannot continue. For more information, visit: >/ms.exch.setupreadiness.FqdnMissing.aspx

49 Edge Setup on Exchange 2013 SP1 Adding a FQDN for non-domain joined machines Head on over to the Computer Name settings, it is hidden under the ‘More…’ section.

50 Edge Setup on Exchange 2013 SP1 Create your Edge Subscription file New-EdgeSubscription –File C:\EdgeServerSubscription.xml Make sure the file is in a location your mailbox server can access for the next step. [PS] C:\>New—EdgeSubscription -FileName c:\edgesubscription.xml Confirm If you create an Edge Subscription, this Edge Transport server will be managed via EdgeSync replication. As a result, any of the following objects that were created manually will be deleted: accepted domains, message classifications, remote domains, and Send connectors. After creating the Edge Subscription, you must manage these objects from inside the organization and allow EdgeSync to update the Edge Transport server. Also, the InternalSMTPServers list of the TransportConfig object will be overwritten during the synchronization process. EdgeSync requires that this Edge Transport server is able to resolve the FQDN of the Mailbox servers in the Active Directory site to which the Edge Transport server is being subscribed, and those Mailbox servers be able to resolve the FQDN of this Edge Transport server. You should complete the Edge Subscription inside the organization in the next“1440” minutes before the bootstrap account expires. [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y [PS] C:\>

51 Edge Setup on Exchange 2013 SP1 Import your Edge Subscription file (this would be a one-liner) New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path “C:\EdgeServerSubscription.xml” -Encoding Byte -ReadCount 0)) -Site “Seattle” [PS] C:\Windows\system32> New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\EdgeServerSubscription.xml"- Encoding Byte -ReadCount 0)) -Site "Seattle" Name ---- Site ---- Domain ---- CON—E2K13—EDG01 corp.contoso.com/... corp.contoso.com WARNING: EdgeSync requires that the Mailbox servers in Active Directory site Seattle be able to resolve the IP address for CON—E2K13—EDG01.corp.contoso.com and be able to connect to that host on port [PS] C:\Windows\system32>

52 Edge Setup on Exchange 2013 SP1 Edge is now known to the org Edge server shows up in server list. The two send connectors are generated (Note: SourceTransportServers is the name of the edge subscription, which is the name of the first Edge server used when the connectors are created.) [PS] C:\Windows\system32>Get-SendConnector | ft identity,sourcetrans* -AutoSize Identity SourceTransportServers EdgeSync – Seattle to Internet {CON-E2K13-EDG01} EdgeSync – Inbound to Seattle {CON-E2K13-EDG01} [PS] C:\Windows\system32> [PS] C:\>Get-ExchangeServer | Sort-Object Name | FT Name,ServerRole,AdminDisplayVersion -AutoSize Name ---- ServerRole CON-E2K AdminDisplayVersion CON-E2K CON-E2K CON-E2K CON-E2K CON-E2K13-EDG01 CON-E2K7-001 Mailbox, ClientAccess, UnifiedMessaging, HubTransport Version 14.3 (Build 123.4) Mailbox, ClientAccessVersion 15.0 (Build ) Edge 15.0 (Build ) Mailbox, ClientAccess, UnifiedMessaging, HubTransport Version 8.3 (Build 83.6)

53 Edge Support, and Mail Flow Transition Edge Transport Edge Transport 2007/2010 are compatible with Exchange 2013 CU1 or later Edge Transport 2013 SP1 is compatible with 2013 SP1, 2010 SP3 RU5, and 2007 SP3 RU13 Legacy Edge Transport servers require the same 2010 SP3 or 2007 SP3 RU10 updates before deploying Exchange An existing 2010 Edge Subscription must be re-created after SP3 is applied so the version number is seen by Exchange 2013 within the AD configuration partition or else setup will fail at the pre-req check. Mail Flow Transition Exchange Server 2013 can accept inbound anonymous mail from the Internet and re-route to the correct 2013 or legacy mailbox(es) Leave MX record(s) pointing to legacy Exchange early on, unless you deploy Edge 2013 first Move MX record(s) to point to 2013 once approximately 50% of users are moved to 2013

54 Edge Transport with… EOP standalone or Hybrid mail flow

55

56 Kerberos Authentication Kerberos is preferred to help remove NTLM authentication bottlenecks in large Exchange environments. Kerberos is not enabled by default in Exchange 2013 and requires manual configuration. OAB virtual directories are already Applications within IIS in Exchange 2013, no need to convert them as you did in Exchange Enabling Kerberos in Exchange 2013 results in setting Negotiate as the authentication type for Outlook Anywhere’s (/rpc) virtual directory InternalClientAuthenticationMethod and MAPI/HTTP’s (/mapi) virtual directory IISAuthenticationMethod.

57 To Kerb or not to Kerb… Are you pure 2013? Enable Kerberos for /rpc & /mapi vDirs Yes. No. Do you have legacy public folders? No. Yes. Do you have CU5 deployed? * Yes. No. Migrate public folders to Exchange 2013 * Tentative plan, plans may change.

58 Kerberos Authentication A little bit of everything in a complex environment….

59 Kerberos Authentication Exchange 2013 requires only http ServicePrincipalNames due to all client traffic being HTTP. No longer necessary are exchangeAB, exchangeRFR, or exchangeMDB SPNs for a 2013-only ASA [PS] C:\>SetSpn –L EXASA213 Registered ServicePrincipalNames for CN=EXASA2013,CN=Users,DC=corp,DC=contoso,DC=com: http/bos.mail.corp.contoso.com http/aus.mail.corp.contoso.com http/mail.corp.contoso.com http/autodiscover.corp.contoso.com [PS] C:\>

60 Kerberos Authentication What are our options? Re-use the Exchange 2010 ASA (if one exists) with new human-known credentials Pro: One ASA for both Exchange 2010 and Exchange 2013 in the org Con: The credentials are now known to administrators instead of machine generated. Create a new ASA for 2013 Pro: Can utilize RollAlternateServiceAccountPassword.ps1 against 2013 multi-role servers Con: Service Principal Names must be moved from the 2010 ASA (if one exits) to the new ASA for any hostname you will be moving from 2010 to 2013

61 Kerberos Authentication A couple current caveats to be aware of as of SP1 RollAlternateServiceAccountPassword.ps1 Cannot be used to copy ASA credentials from 2010 CAS role to 2013 CAS role Cannot be used to create a new ASA on CAS-only 2013 servers Can be used to create a new ASA on multi-role 2013 servers Set-ClientAccessServer -AlternateServiceAccountCredential only works on multi-role 2013 servers

62 Exchange Server 2013 Public Folders The last thing you migrate. 2007/2010 users cannot access 2013 Public Folders 2013 users can access 2007/2010 Public Folders Cutover migration, you cannot gradually move Public Folders from legacy to 2013

63 Modern Public Folder Migration & Office 365 Date: Monday, March 31 Time: 4:30 PM – 5:45 PM Room: MR 19ab Session Type: Breakout Session Code: DMI.310 Session Speakers: Kanika Ramji & Siegfried Jagott Experts Unplugged: Public Folders & Site Mailboxes Date: Tuesday, April 1 Time: 9:00 AM – 10:15 AM Room: MR 18d Session Type: Unplugged Session Code: USX.UN.303 Session Speakers: Alfons Staerk, Kanika Ramji, Shashi Singaravel, Siegfried Jagott, Brian Day

64 OABs Downloads Do you have or play to have multiple OABGen capable mailboxes? Know that client OAB downloads from different OABGen mailboxes triggers a full download even if it is the same OAB being downloaded. How to find your OABGen mailbox(es) [PS] C:\>Get-Mailbox –Arbitration | Where {$_.PersistedCapabilities –like "*OAB*"} | FL Name,Database,Persis* Name Database PersistedCapabilities Name Database PersistedCapabilities : SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} : 2013DB-001 : {OrganizationCapabilityUMGrammarReady, OrganizationCapabilityPstProvider, : OrganizationCapabilityMessageTracking, OrganizationCapabilityMailRouting, : OrganizationCapabilityClientExtensions, OrganizationCapabilityGMGen, : OrganizationCapabilityOABGen, OrganizationCapabilityUMGrammar} : OABGen02 : 2013DB-003 : {OrganizationCapabilityOABGen}

65 [PS] C:\>Get-Mailbox –Arbitration | Where {$_.PersistedCapabilities –AutoSize Name ---- OABGen02 Database DB-003 SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} 2013DB-001 [PS] C:\> [PS] C:\>Get-MailboxDatabase Name ---- Servers DB-001 {CON-E2K13-001} 2013DB-002 {CON-E2K13-001} 2013DB-003 {CON-E2K13-101} 2013DB-004 {CON-E2K13-102} 2013DB-005 {CON-E2K13-101} 2013DB-006 {CON-E2K13-002} OAB Downloads How does this happen to clients? You may have OABGen mailboxes in different or same AD sites. [PS] C:\>Get-ExchangeServer | Where {$_.AdminDisplayVersion –like "*15*"} | Name,Site Name ---- CON-E2K Site ---- CON-E2K CON-E2K CON-E2K CON-E2K13-EDG01 corp.contoso.com/Configuration/Sites/Boston corp.contoso.com/Configuration/Sites/Seattle

66 OAB Downloads Could we place different OABGen mailboxes in DBs only replicated locally? No, in this example the DAG spans two sites and user mailboxes will move between sites. Site ASite B OABGen-01 OABGen-02 DAG-001

67 OAB Downloads Recommendation: Keep one OABGen mailbox per organization. or Site ASite B OABGen-01 DAG-001 Site ASite B OABGen-01 DAG-001 Recommended due to site resiliency gains.

68 Quota Calculations Mailbox and Public Folder data moved from legacy Exchange to Exchange 2013 will appear to grow due to more accurate calculations within the DB. Expectation is 30%-40% increase in quota hit, but will vary based on the content types May want to increase the quotas of any user using ~75% or more of their quota prior to moving them to 2013 The database size on disk does NOT increase

69 Coming in Exchange 2013 Cumulative Update 5

70

71

72


Download ppt "Envision: Establish a project vision, define & analyze requirements, and develop a solution architecture & high level design Plan: Develop the."

Similar presentations


Ads by Google