Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 4 Planning and Deploying Client Access Services in Microsoft® Exchange Server 2010 Presentation: 120 minutes Lab: 90 minutes After completing.

Published byMartin York Modified over 8 years ago

Similar presentations

Presentation on theme: "Module 4 Planning and Deploying Client Access Services in Microsoft® Exchange Server 2010 Presentation: 120 minutes Lab: 90 minutes After completing."— Presentation transcript:

1 Module 4 Planning and Deploying Client Access Services in Microsoft® Exchange Server 2010 Presentation: 120 minutes Lab: 90 minutes After completing this module, students will be able to: Describe how the Client Access server role works. Design the Client Access server deployment. Design access for messaging clients. Design policies for managing client access. Required materials To teach this module, you need the Microsoft® Office PowerPoint® file 10233A_04.ppt. Important: We recommend that you use PowerPoint 2002 or a later version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides might not be display correctly. Preparation tasks To prepare for this module: Read all of the materials for this module. Practice performing the demonstrations and the lab exercises. Work through the Module Review and Takeaways section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on-the-job performance. Make sure that students are aware that the Course Companion CD contains additional module information and resources.

2 Module Overview Overview of the Client Access Server Role
Designing Client Access Server Deployment Designing Client Access Designing Client Access Policies This lesson provides an introduction to some of the functionality available on Microsoft Exchange Server 2010 Client Access servers. It is important that students all have a clear understanding of these features, because they are important when designing the Client Access server deployment. Students may be familiar with these features, so be prepared to cover this lesson quickly. 2

3 Lesson 1: Overview of the Client Access Server Role
Client Access Business Requirements Client Access Server Services How RPC Client Access Service Works How Client Access Service Works with Multiple Sites Requirements for Accessing the Client Access Server from the Internet The key focus of this lesson is to describe the deployment options for client access services provided by Exchange Server 2010, and to describe the requirements that will be used to design the client access deployment. This lesson provides an introduction to some of the functionality available on Exchange Server 2010 Client Access servers. It is important that students have a clear understanding of these features, because they are important when designing the Client Access server deployment. Students may be familiar with these features, so be prepared to cover this lesson quickly.

4 Client Access Business Requirements
Number and types of clients Client usage profiles Client locations Security requirements Availability requirements Performance requirements Key message: Identify what you need to know about your organization in order to design the Client Access Services deployment. Question: What business requirements will you have in your organizations for Client Access server deployment? Answer: Answers will vary depending on the size and complexity of the student's organization.

5 Client Access Server Services
Client Access server options: Client Access server services: Outlook (MAPI) Outlook Anywhere (HTTPS) Outlook Web App Exchange ActiveSync POP3 IMAP4 Entourage 2008, Web Services Edition RPC Client Access Service Autodiscover Availability Address Book Exchange Web Services MailTips Exchange Control Panel Key message: Use this topic to provide a quick overview of all of the different client access components that may need to be considered during the client access design process. Ask students which of the client access options they will be supporting within their organizations. Briefly discuss the protocols used for each of the client access options. Stress that Outlook® Anywhere, Microsoft Outlook Web App and Microsoft Exchange ActiveSync® all use HTTPS, so a single infrastructure can be used to provide all three client access options.

6 How RPC Client Access Service Works
RPC Client Access Service is a new service in Exchange Server 2010 that resides on the Client Access server Key message: Describe the remote procedure call (RPC) Client Access Service. Be prepared to spend some extra time on this topic, because the RPC Client Access Services feature is a very significant change in the Exchange Server architecture. Remind students that in all previous Exchange Server versions, Messaging Application Programming Interface (MAPI) clients communicated directly with the Mailbox server role. This has changed in Exchange Server 2010, so that now messaging clients do not communicate directly with the Mailbox server. Mention that the only direct connection from a MAPI client to the Mailbox server is now for public folder access. With RPC Client Access Service: Outlook data connections go to the Client Access server instead of connecting directly to Mailbox servers The DSProxy interface is replaced by providing an Address Book service on the Client Access server Public folder connections connect directly to the Mailbox server Client Access server Mailbox server Domain Controller

7 How Client Access Service Works with Multiple Sites
Multiple Internet Access Points Single Internet Access Point Domain Controller 3 Client Access Server Mailbox Server Key message: Review how clients access the Client Access server. Use these slides to review how clients access the Client Access server. The first build on the slide shows the interaction between the messaging clients, the Client Access server, the Mailbox server, and the domain controllers. The second build shows how this client interaction changes when you have multiple Active Directory® sites in the organization. Ensure that students are clear on the concepts of proxying and redirection. This will be very important when designing client access for organizations with multiple sites, and will also be important during the transition from earlier versions of Exchange Server to Exchange Server 4 Client request is redirected Client request is proxied RPC 1 2 MAPI HTTPS IMAP4 POP3 Proxying is used for Outlook Web Access, Exchange ActiveSync, Exchange Web Services, POP3 and IMAP4 Redirection is used only for Outlook Web Access

8 Requirements for Accessing the Client Access Server from the Internet
Client Access server must be accessible using the client access protocols Client Access virtual directories must be configured with an external URL External names must be available in DNS Split DNS may be required SSL certificate with multiple subject alternative names is recommended Autodiscover should be available for Outlook Anywhere and Exchange ActiveSync clients Key message: Identify what you will need to do to make client access services available to users on the Internet. Exchange Server 2010 is designed to provide access from the Internet to various types of clients. Emphasize the first three bullet points on the slide, as these are required to provide Internet access. The other three bullet points are not required, but are recommended. Discuss the concept of split DNS. If users both inside and outside the organization need to access the Client Access servers using the same server name, then the organization will need to deploy a split DNS so the internal name resolves to a different IP address than the external name. Question: Will you be providing Internet access to the Client Access servers in your environment? If you are, how will you provide access? Answer: Most organizations provide access to Client Access servers for Internet users. In many cases, organizations use reverse proxies or firewall configurations to secure the network perimeter. Some organizations also provide access only through virtual private networks (VPNs). In this case, users must first establish the VPN connection, and then connect to the Client Access server.

9 Lesson 2: Designing Client Access Server Deployment
Designing Client Access Server Hardware Requirements Client Access Server Security Designing Client Access Server Certificates Designing Autodiscover Designing the Availability Service Designing MailTips Designing Client Throttling Designing Client Access Services with Multiple Namespaces

10 Designing Client Access Server Hardware Requirements
Component Recommendation Processor cores 2 cores minimum, and 12 cores maximum RAM 2 GB of RAM per processor core (8 GB minimum) Hard disk Not hard disk intensive Network connections Configure with teamed 1 Gbps network cards Requires fast network connections to Mailbox servers and global catalog servers Key message: Discuss the hardware requirements for the Client Access server. Stress that because of the increased load on the Client Access server—in particular, the RPC Client Access service—the recommended ratio of Client Access server processor cores to Mailbox server processor cores has increased to 3:4. In Exchange 2007, the recommended ratio was 1:4. Deploy three Client Access server processor cores in an Active Directory site for every four Mailbox server processor cores

11 Client Access Server Security
To secure a Client Access server: Install server certificates and ensure that SSL is required ü Key message: Define Client Access server security. Stress the importance of using server certificates with Client Access servers. If server certificates and SSL are not used, user credentials and message contents might be passed in clear text. While discussing the authentication options, mention that the default configuration for Outlook Web App and Exchange Control Panel is to use forms-based authentication, while Exchange Active Sync uses Basic authentication. POP3 and IMAP4 use Transport Layer Security (TLS) by default. Stress that the default options are likely to be the most secure. Configure authentication settings: Integrated Windows authentication Digest authentication Basic authentication Forms-based authentication ü Protect the server with an application layer firewall ü

12 Designing Client Access Server Certificates
Use certificates to encrypt all client traffic Use multiple subject alternative names in the certificate to simplify deployment Use as few server names as possible Avoid using wildcard certificates Use public CAs to simplify the user experience Use the same certificates for Client Access servers and reverse proxies Key message: Design Secure Sockets Layer (SSL) and TLS certificates for Client Access servers. While designing a Client Access server deployment, one of the most important decisions is how to configure the certificates on the server. Making the right server certificates choices can have a significant impact on the user experience. While discussing the certification authority (CA) options, mention that each Exchange Server server automatically issues a self-signed certificate when Exchange Server is installed. Discuss the limitations of using this certificate. Discuss the benefit of using as few names a possible when requesting a certificate. Mention that at a minimum, organizations could have just two names in the certificate (for example, mail.contoso.com and autodiscover.contoso.com). Question: What are the implications of using as few server names as possible as certificate subject alternative names? Answer: If you use very few server names, you need to ensure that all clients are using the same server name when accessing the server. For example, if you decide to use mail.contoso.com and autodiscover.contoso.com as the server names, and you are enabling access to Outlook Web App, Outlook Anywhere, Exchange ActiveSync, Post Office Protocol version 3 (POP3) and Internet message access protocol version 4 (IMAP4), you will need to configure all clients to use the certificate name, both internally and externally.

13 Designing Autodiscover
Consider modifying the Internal URL to use a single host name for multiple Client Access servers Consider using site affinity for multiple locations Configure DNS records to enable Autodiscover access from the Internet Configure external host names for all required virtual directories Ensure that the Autodiscover virtual directory is accessible for Internet clients Key message: Design the Autodiscover deployment. Emphasize the importance of designing the Autodiscover service. The most obvious benefit of using Autodiscover is that all Office Outlook 2007 or newer clients and all Windows Mobile 6 or newer clients can be automatically configured to use the right Exchange server to access the user mailbox. However, Autodiscover also provides other important information, such as where the client should download the offline address book (OAB), where the client should connect to access availability information, and where the client can access the Unified Messaging server. If any of these components is incorrectly configured, the client may be able to connect to the user mailbox, but may be limited in functionality.

14 Designing the Availability Service
Consider legacy client support for Availability data Consider cross-forest availability lookups Synchronize GAL Configure Autodiscover Validate certificates Key message: Considerations to remember about availability service. Remind students that Office Outlook 2003 clients still require the system public folders for Free\Busy and OAB availability. This means that in a transition scenario, you will need to retain at least one server with a public folder database as long as you have these clients in your organization. Mention that in order for Autodiscover to work for Internet clients, several other virtual directories on the Client Access server must also be accessible. Autodiscover only provides information to the client about where to obtain information such as the OAB or free\busy information. These virtual directories still need to be made accessible for the clients to actually download the content.

15 Designing MailTips The Client Access server
Compiles and sends MailTips to the client Uses Active Directory information, recipient mailbox information, and local group metrics to compile MailTips Key message: Design the MailTips deployment. MailTips is a new feature in Exchange Server Stress that all of the work of compiling MailTips is performed by the Client Access server. The Client Access server compiles all available MailTips and sends them to the user at one time. Mention that the Client Access server must collect the MailTips information from several sources, so the connection between the Client Access server, global catalog servers, and Mailbox servers will be one of the most important factors that will determine MailTips performance. The process for compiling MailTips is optimized to avoid performance degradation To optimize using MailTips: Verify the group metrics calculation Ensure that Client Access servers have fast connections to global catalog servers, Mailbox servers, and local group metrics to compile MailTips Be aware of limitations for accessing MailTips between sites

16 Designing Client Throttling
Throttling policies define the Client Access server capacity that a user can use Key message: Discuss scenarios where organizations might consider using client throttling. For example, if most users in the organization are using Outlook Web App to access their mailboxes and the Client Access servers are running at full capacity, you might want to minimize the server resources that each user can use for Outlook Web App connections. If specific users must be guaranteed a fast response, you can assign additional resources to those users while reducing the resources for other users. If students have not used client throttling, consider demonstrating the default throttling policy. To do this, run the Get-ThrottlingPolicy cmdlet. Reference Understanding Client Throttling Policies To design client throttling: Monitor the Client Access servers to identify bottlenecks Review the default throttling policy settings Plan for client throttling based on client access protocols To implement client throttling: Configure custom throttling policies Assign the policies to user accounts Implement policies incrementally, and monitor results

17 Designing Client Access Services with Multiple Namespaces
Multiple namespace support may be required when: An organization uses multiple SMTP domains An organization includes multiple Active Directory trees or forests Key message: Design Client Access services for organizations with multiple SMTP domain names. Mention that internal access to the Client Access server role in a single forest is not affected by users using different SMTP domains in their addresses. However, in the resource forest scenario, or if Exchange Server 2010 is deployed in multiple forests, SCP records will need to be configured in each forest to ensure that Autodiscover can locate appropriate Client Access servers. External access to the Client Access servers can be more difficult to configure. Describe the components that must be in place to enable external access, and then describe the options and considerations for configuring these components. Configure SCP records in all forests for Autodiscover Configure host name and Autodiscover DNS records for each domain name Include all domain names in the certificate subject alternative names Consider configuring separate Web sites for each domain

18 Lesson 3: Designing Client Access
Designing MAPI Client Access Designing Outlook Anywhere Access Designing Outlook Web App and Exchange Control Panel Designing Exchange ActiveSync Access Designing POP3 and IMAP4 Access Designing Firewalls and Reverse Proxies for Client Access

19 Designing MAPI Client Access
Options for configuring MAPI client access Disable all MAPI client connections Enable MAPI connections based on client versions Disable MAPI connections by user Key message: Describe the benefits of connecting to the Client Access server rather than the Mailbox server, but remind students of the performance consequences. Continue on to describe how you can control MAPI access by client-type or by user account. Perhaps demonstrate the process of disabling a user from using a MAPI client.

20 Designing Outlook Anywhere Access
To configure Outlook Anywhere access: Configure Autodiscover to provide necessary URLs Remember that Redirection is not supported Enable Outlook Anywhere on at least one Client Access server per site Plan certificate settings carefully Configure firewall settings Key message: Provide an overview of the steps necessary to configure Outlook Anywhere. Remind students that neither proxying nor redirection is supported for Outlook Anywhere.

21 Designing Outlook Web App and Exchange Control Panel
When designing Outlook Web App and Exchange Control Panel, plan the following: ü Authentication Key message: Describe the decisions that you need to make when designing Outlook Web App in Exchange Server 2010. Most of the settings relate to Outlook Web App security, or to modifying the user experience. Students may not be familiar with some of the more advanced security settings that are only available through the Exchange Management Shell, so be prepared to describe and possibly demonstrate these settings. Reference Simplify the Outlook Web App URL ü Virtual directory segmentation settings ü Advanced security options Consider modifying the Outlook Web App virtual directories: Simplify the URL Redirect requests Create a new virtual directory Ensure that the Exchange Control Panel virtual directory settings match the Outlook Web App virtual directory settings

22 Designing Exchange ActiveSync Access
To configure Exchange ActiveSync access: Configure Autodiscover to enable automatic client configuration Require SSL on the Microsoft-Server-ActiveSync virtual directory Consider requiring certificates on mobile devices Implement Exchange ActiveSync policies Configure firewall settings to support Direct Push Consider data plans when configuring client settings Key message: Emphasizing the importance of security for Exchange Server ActiveSync access. Cellular connectivity is inherently not secure, so it is critical that all communications between the cellular device and the Client Access server are encrypted. Discuss the benefits of maximizing the connection security by using client certificates, or two–factor authentication. A critical question for many organizations when enabling Exchange ActiveSync, is determining which devices they will support. Many cell phone manufacturers are licensed for Exchange ActiveSync, which means that users have many options when choosing their devices. However, supporting many different devices may require additional training and resources. As a result, the organization may choose to support only a few of the many available devices. As part of the Exchange ActiveSync design process, the organization may need to identify which devices to support.

23 Designing POP3 and IMAP4 Access
ü Identify the business requirements for POP3 and IMAP4 Plan an SMTP delivery option for POP3 and IMAP4 clients to send ü Key message: Plan to support POP3 and IMAP4. With the availability of Outlook Anywhere and Outlook Web App, many organizations no longer support POP3 and IMAP4 connections. Ask students whether they will be required to support POP3 or IMAP4 clients. If they are, ask them to describe why users in their organizations are using these clients rather than Outlook Anywhere or Outlook Web App. One of the potentially difficult design decisions when deploying POP3 and IMAP4 clients is deciding how to provide Standard Mail Transport Protocol (SMTP) connectivity so that these clients can send . Organizations may want to use an Exchange 2010 Edge Transport server to provide this functionality, but there is no way to configure the Edge Transport server to support authenticated connections using the internal Active Directory accounts. The recommended solution is to use the client SMTP receive connector on a Hub Transport server—this connector supports authenticated connections using port 587. ü Plan for secure authentication ü Consider implementing TLS ü Plan client connection and retrieval settings

24 Designing Firewalls and Reverse Proxies for Client Access
Enable access on only required client access ports Deploying Client Access servers in a perimeter network is not supported Consider using a reverse proxy to secure connections to the Client Access server Verify that reverse proxy supports certificates with multiple subject alternative names Key message: Design firewalls and reverse proxies for Client Access server. Emphasize that Client Access server deployments in a perimeter network are not supported. If students question this requirement, spend some time discussing the configuration that is required on the backend firewall if you deploy a Client Access server in a perimeter network. The server must be a domain member, so all of the ports required for a domain member to communicate with domain controllers must be opened on the internal firewall in addition to the client protocols. Discuss the benefits of using a reverse proxy. The primary benefits are that the reverse proxy can break the SSL connection from the client to the Client Access server, and the reverse proxy can preauthenticate connections before they reach the internal network. NOTE: if you want to publish Exchange Control Panel through ISA 2006, you have to manually edit publishing rule to add the /ecp directory because ISA 2006 does not natively support Exchange 2010 publishing Forefront Threat Management Gateway or Forefront Unified Access Gateway are recommended reverse proxy solutions for Exchange 2010 Client Access servers

25 Lesson 4: Designing Client Access Policies
Designing Outlook Web App Mailbox Policies Options for Managing Mobile Devices Designing Exchange ActiveSync Policies Designing Mobile Device Remote Wipe Policies Before you can design a new infrastructure, you have to know what is already present in the organization. This information provides a starting point for creating the target state design, and for creating the implementation plan. This lesson provides an outline of the types of information that need to be collected in order to create the design of the new messaging system.

26 Designing Outlook Web App Mailbox Policies
Identify the business requirements for Outlook Web App mailbox policies ü Modify the virtual directory settings to address the requirements for most users ü Key message: Design mailbox polices for implementing Outlook Web App security. Stress that Outlook Web App mailbox policies are only required when organizations have different requirements for enabling access to Outlook Web App. If all users need the same level of access, the requirements can be addressed by just modifying the settings on the Outlook Web App virtual directory. Mention that the default Outlook Web App mailbox policy is not applied to any user. If organizations need a custom Outlook Web App configuration for just one group of users, they can modify the default policy and then apply the policy to the specific group of users. Any settings configured in the mailbox policy will override the settings configured on the Outlook Web App virtual directory. Modify the default Outlook Web App mailbox policy, and apply to users ü If required, create new Outlook Web App mailbox policies, and apply to users ü

27 Options for Managing Mobile Devices
Options for managing mobile devices include: Setting security restrictions on a mobile device by applying an Exchange ActiveSync policy to a user mailbox Using the Exchange Server management tools to: View a list of all mobile devices in use Send a remote wipe command to a mobile device Delete an unused partnership between devices and mailboxes Securing the connection from mobile devices to the Client Access server Managing which types of devices are allowed to connect to the Client Access server Managing Exchange ActiveSync access for individual mailboxes Key message: Define security policies for managing mobile devices. The use of mobile devices can raise security concerns, because they may contain a large amount of confidential information, and are easily lost or stolen. Therefore, it is essential to define some security policies for managing mobile devices. If students are not familiar with the mobile device management options in Exchange Server 2010, consider using the virtual machine environment to demonstrate the options for configuring Exchange ActiveSync policies, and for performing remote wipes. Reference Microsoft System Center Mobile Device Manager Consider implementing System Center Mobile Device Manager 2008 to manage mobile devices using Active Directory policies

28 Designing Exchange ActiveSync Policies
Exchange ActiveSync policy options include: Password complexity requirements, password length, password expiration, and time-out value before users must re-enter their passwords Restrictions on downloading attachments to mobile devices Requirements for data encryption on mobile devices The number of times users can enter the wrong passwords before their devices are locked or wiped Storage of the device’s recovery password on an Exchange server Key message: Discuss security settings for Exchange ActiveSync. As you discuss each of the options for configuring Exchange ActiveSync polices, discuss the implications of implementing each of the policies. For example, requiring long, complex passwords for the devices will increase device security, but will also increase user frustration. For each of the options, students are likely to need to balance security requirements with ease of use. Ask students how they would balance these two requirements. Use multiple Exchange ActiveSync policies to configure different security settings for different users

29 Designing Mobile Device Remote Wipe Policies
Both the Exchange administrator and the device user can initiate a remote wipe of the mobile device Key message: Discuss mobile device management. Students may be uncomfortable with the idea of wiping mobile devices—this runs contrary to the effort they usually put in to making sure that this does not happen on computers. Emphasize that mobile devices must be handled differently than computers, because there are fewer options for managing the devices. When defining policies for performing a remote wipe: Define a policy for when Exchange administrators will wipe a device remotely Develop policies and procedures for rebuilding wiped devices or rebuilding new devices Develop policies for allowing users to wipe their own devices

30 Estimated time: 90 minutes
Lab: Planning and Deploying Client Access Services in Exchange Server 2010 Exercise 1: Designing the Client Access Server Deployment Exercise 2: Designing Client Access Exercise 3: Implementing Client Access Lab Goal: Students will design a Client Access server deployment, and implement and test part of the design. You may want to perform the design portion of this lab as a group discussion rather than an individual activity. One suggested method is to provide the students with a few minutes to read the documentation for each exercise, and then complete the questions provided in the exercise as a group discussion. When one exercise is complete, then move on to the next. This often stimulates additional discussion about real-life implementation in the organization of the students. Lab Objective(s): Design the Client Access server deployment. Design client access. Implement and validate the client access design. Exercise 1: Designing the Client Access Server Deployment Inputs: Students will be provided with more detailed client access requirements information for the organization. The documentation will include business requirements, security requirements, and device management requirements. Outputs: Students will create a design for the client access server deployment. The design will include: Server sizing recommendations. Server placement recommendations. Server configuration recommendations. Exercise 2: Designing Client Access Students will be provided documentation describing the client access requirements for the organization. (Use same documentation as Exercise 1.) Students will design the client access configuration for the organization. This will include: Which clients will be supported. From where clients will be able to access the Client Access server. Configuration components required to enable access. Client access policies required. Logon information Virtual machine 10233A-VAN-DC A-VAN-EX A-VAN-EX A-VAN-CL1 User name Adatum\Administrator Password Pa$$w0rd Estimated time: 90 minutes

31 Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.
Exercise 3: Implementing Client Access Inputs: Students will use the design from Exercises 1 and 2 to implement and test part of the Client Access server deployment. The required Client Access servers will already be deployed—students will just be modifying the configuration to meet the design specifications. Outputs: Students will implement part of the Client Access server design. They will implement: Exchange ActiveSync policies for user groups Students will verify that their deployment meets the company requirements. 31 31

32 Lab Scenario You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple locations. A. Datum Corporation is an international corporation involved in technology research and investment, and is planning to upgrade from Exchange Server 2003 to Exchange Server 2010. You have been tasked with reviewing the current messaging infrastructure and network topology and planning the deployment and configuration of Client Access servers. You are required to make proposals about how best to address the needs of the various stakeholders in the organization. Finally, you are required to implement part of your proposed client access design.

33 Lab Review In exercise 3, you used to connect to Outlook Web App. If you wanted to use instead, what would you need to consider? In exercise 3, you assigned an Exchange ActiveSync mailbox policy to a collection of users. If you had an Outlook Web App mailbox policy called “Sales Policy” to assign to members of the Sales OU, what would be the Exchange Management Shell syntax? When reviewing the preceding lab, be sure the students understand the reasons for the tasks they completed. Question: In exercise 3, you used to connect to Outlook Web App. If you wanted to use instead, what would you need to consider? Answer: You must ensure you have a certificate that supports the new proposed name. If you propose to use only a single URL irrespective of the site location of the Mailbox database of the connecting user, you must also consider proxy and redirection issues. Question: In exercise 3, you assigned an Exchange ActiveSync mailbox policy to a collection of users. If you had an Outlook Web App mailbox policy called “Sales Policy” to assign to members of the Sales OU, what would be the Exchange Management Shell syntax? Answer: Get-Mailbox -OrganizationalUnit Sales | Set-CASMailbox -owamailboxpolicy "Sales Policy". 33

34 Module Review and Takeaways
Review Questions Best Practices Review Questions When a user attempts to connect to an Internet-facing client access server, the petitioned server determines that the user’s mailbox is located in another site. The Client Access server in the other site is not configured with an external URL. What happens next? Answer: The Client Access server receiving the request proxies the client request to the Client Access server in the appropriate site. You have deployed a single Internet-facing Client Access server to support all sites in your organization. Which authentication method must you configure on all other Client Access servers? Answer: You must enable Integrated Windows authentication on all of the Client Access servers that are not Internet accessible. Your users seem to be experiencing problems when trying to access their mailboxes using Outlook Web App. You realize they are typing the incorrect URL, and are forgetting the https prefix. What can you do to assist? Answer: Simplify the Outlook Web App URL. Redirect users that use the form to use SSL and connect to the Outlook Web App virtual directory. For example, when a user types IIS redirects them to

35 Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.
Best Practices Supplement or modify the following best practices for your own work situations: Never deploy a Client Access server in your perimeter network. As a general guideline, deploy three Client Access server processor cores in an Active Directory site for every four Mailbox server processor cores. Do not run the Security Configuration Wizard on servers that support Exchange Server server roles. If your organization has deployed Exchange servers in multiple Active Directory sites, consider configuring site affinity for the Autodiscover service. If you have multiple Client Access servers—each in a different site and with different names— be sure to obtain a certificate that can support multiple names. 35 35

Download ppt "Module 4 Planning and Deploying Client Access Services in Microsoft® Exchange Server 2010 Presentation: 120 minutes Lab: 90 minutes After completing."

Similar presentations

Module 12 Upgrading from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010.

Module 12 Upgrading from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010.
Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Implementing and Administering AD FS

Implementing and Administering AD FS
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
Deploying Microsoft® Exchange Server 2010

Deploying Microsoft® Exchange Server 2010
Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs This would be presented.

Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs This would be presented.
Implementing High Availability

Implementing High Availability
Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.

Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.
Understanding Active Directory

Understanding Active Directory
Winter 2005-2006 Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.

Winter Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.
TechEd 2013 4/20/2017 2:02 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

TechEd /20/2017 2:02 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Managing Client Access

Managing Client Access
Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.
Chapter 7: Using Windows Servers to Share Information.

Chapter 7: Using Windows Servers to Share Information.
Module 13: Configuring Availability of Network Resources and Content.

Module 13: Configuring Availability of Network Resources and Content.
SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.

SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.
Module 8: Managing Client Configuration and Connectivity.

Module 8: Managing Client Configuration and Connectivity.
Module 4: Add Client Computers and Devices to the Network.

Module 4: Add Client Computers and Devices to the Network.

Similar presentations

Ads by Google