Exchange Pilot as a new Messaging infrastructure at CERN Alberto Pace, for the IT/IS group - April

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April 2002 Electronic Mail at CERN u The current services have been designed in u Dedicated infrastructure, dedicated team. u Mandated to offer an IMAP-based mail service, an LDAP-based address database, Mailing lists handling and news feeds u Very successful service: u Unanimously adopted site wide u Number of mailboxes in excess of 15’000 u Very reliable

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April 2002 Why a new infrastructure ? u New requirements have appeared u Personal / Shared Calendar with delegated authoring u Integration with PDAs, offline work and disconnected clients u With the possibility of merging back changes made on both sides (secretary scenario) u Web access to all services u Better security (SSL) and antivirus protection u Single logon, Voice Mail, Telephone integration, instant messaging, video conference, … u CERN global manpower reduction u > 2000 staff members, more focus on LHC u Coverage during the extended Christmas shutdown u Directives to reduce costs u Personnel, Money, Industrial Services (P+M+I)

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April 2002 Objectives u Cost reduction u Cheaper server hardware providing more resources u Leverage from existing experience and services u Same hardware used for Win, Web services and PC farms u Potentially save 50K+ per year u Increased functionality u Addressing user community requirements u Leverage on PC & W2K technology and existing skills u Reducing diversity, hence simplifying the operations u Use of existing procedures (e.g. installations, backup, interventions, alarm & monitoring, etc. ) u Economy of scale with same team for Web / Mail / Windows u All external interfaces based on standard protocols for interoperability

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April 2002 Infrastructure for the Pilot u 8 Server PCs u 4 Back-end (message store) u 2 Front End (Routing, Web access, …) u 2 spare u Dimensioned to be “out” scalable by adding additional servers u As the pilot has to investigate also behavior under heavy load, the pilot infrastructure is designed to be able host the full laboratory load u In the final infrastructure, we believe that a final architecture with 12 servers (8 message stores) should be sufficient u No licenses needed at this stage u Part of our MSDN / Premier Support Service agreement

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April 2002 Addressing Requirement u Increased Security u In addition to normal IMAP and POP, enable SSL for client that supports it u Open ports imap(143), imaps(993), pop(110), pops(995) u In the long term consider to close ports imap(143) & pop(110) u Enable Authenticated SMTP service (versus the anonymous service today) with mail routing and relaying allowed u Enable secure Web Mail access over SSL for any browser (including legacy>= 4) u Open both http (80) and https (443) ports with port 80 being redirected to port 443 u Install Antivirus software, scan message stores, Incoming and outgoing messages u Enable MAPI (secure and encrypted) in order to support native Exchange clients (Outlook) u Synchronize Mail accounts with Web/Win accounts. Single sign-on for Mail/Web/Win services

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April 2002 Single Sign-on u Why single sign-on increases security ? u The user is an insecure component of the security chain if he has nothing to protect u Proliferation of accounts and passwords results in users not protecting their credentials on services they seldom use u By coupling multiple services together, we enforce security, because here or there, every person has something to protect (eg: mail, data in home directory, …) u Current working group is considering (again) a proposal to synchronize AFS and Win/Mail/Web passwords

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April 2002 Addressing Requirement u Enable “Calendaring” u Native Exchange clients (Outlook) support with MAPI enabled u Personal calendar in every mailbox u Access to “shared” calendar u Allows authoring delegation (secretary scenario) u Allows publishing of Agenda/Calendars on the web u Basic calendar functionality accessible cross platform using the Web interface, Read/Write mode u Complete shared calendaring possible through public folders

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April 2002 Addressing Requirement u Access to news u News feeds directed into public folders u Access to newsgroup also using the Web interface u Explore new possibilities u Generalized use of e-groups (NICE2000 group manager). Same e-group objects can be referenced to set permissions but also as mailing list u Public folders for collaboration, document store, web site, … u Fax, SMS, telephony gateways u Web integration u Voice mail

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April 2002 Migration strategies - Phase 1 IMAP Mail Client Exchange ServerOld IMAP server User.mailbox.cern.ch Asynchronous overnight migration of the message store IMAP Only scenario Migration transparent for the user. No client reconfiguration necessary Creation of new mailbox Reconfigure DNS Block access to old server

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April 2002 Migration strategies – Phase 2 Exchange Server User.mailbox.cern.ch User wants extra features MAPMail ClientI Client is reconfigured From IMAP to MAPI Server name should change to mmm.cern.ch mmm.cern.ch

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April 2002 Mail Client Support Models IMAP Windows XP Office XP Windows 2000 Office 2000 MAPI 2 Models ? 8 Models ? (just for windows mail clients) 3 Models …

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April 2002 Current Plan u Prototype (4Q01-1Q02) u Explore possibilities, alternative architectures, initial how-to’s, sources of worries, prepare questions u Understand initial costs u Collect initial experience in order to propose a Pilot u Pilot (2Q02-3Q02) u Ensure User needs are satisfied u Identify potential problems, limitations u Identify cost & extra work needed u Identify risks and long term costs u Limited (or targeted) at a well-know user community u Identify potential migration issues u Prepare training and documentation needs u Deployment (3Q02-1Q03) - subject to successful pilot and management approval u Open to everybody u Migration plans understood and applied

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April 2002 Outlook Web folderInternet Explorer Netscape 4.75 on lxplus

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April 2002 Conclusion u For the user u Exchange 2000 could give opportunity to long outstanding requests: u Mail, Calendar and more u Web access to most of the features u Does not rely on any particular client (browser >= 4) u and allowing group collaboration u e-groups and “groupware” u For IT/IS u While taking into account the constant search for economy u Maintenance/Server replacement at least 30% cheaper (per year) assuming users u And address manpower issues u by consolidating on a platform that we have to support anyway u reducing diversity requires less specialization u mail expertise currently limited to two individuals could expand to 7-8 persons u as well as potential integration of other products/security features  An opportunity for offering more services & coverage for a global reduced/constant cost

Messaging Infrastructure at CERN – HEPNT Meeting, Catania, Italy – April