Planning and Deploying Client Access Servers


1 Planning and Deploying Client Access Servers
20341B 4: Planning and Deploying Client Access Servers
Module 4 Planning and Deploying Client Access Servers

Presentation: 75 minutes
Lab: 60 minutes

After completing this module, students will be able to:
- Plan the Client Access server deployment.
- Configure the Client Access server role.
- Manage Client Access services.

Required materials
To teach this module, you need the Microsoft® Office PowerPoint® file 20341B_04.pptx.
Important: We recommend that you use Office PowerPoint® 2007 or newer to display the slides for this course. If you use PowerPoint Viewer or an earlier version of Office PowerPoint, some features of the slides might not display correctly.

Preparation tasks
To prepare for this module:
- Read all of the materials for this module.
- Practice performing the demonstrations.
- Practice performing the labs.
- Work through the Module Review and Takeaways section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on-the-job performance.

As you prepare for this class, it is imperative that you complete the labs yourself so that you understand how they work and the concepts that are covered in each. This will allow you to provide meaningful hints to students who may get stuck in a lab, and it also will help guide your lecture to ensure that you cover the concepts that the labs cover.

2 Module Overview
- Managing Client Access Services

This module focuses primarily on the server side of the Client Access server role. Do not spend too much time talking about clients and client services, because the next module covers that in detail. The most important feature of this module that you should emphasize is Client Access server’s role, and how it works with clients and with the Mailbox server. You should also point out the differences in the Client Access server between the Microsoft® Exchange Server 2010 and Exchange Server 2013 releases.

3 Lesson 1: Planning Client Access Server Deployment
- Planning Client Connectivity for Client Access Server

4 What Is the Client Access Server Role?
- Client Access server role handles client connections and server SMTP-based connections
- Clients do not communicate with Mailbox server directly
- Connections are routed through Client Access server
- Client Access server does not store any user data
- Client Access server provides services for messaging security through Front End Transport service

Provide a high-level overview of the Client Access server role. Do not go into too much detail, because future topics describe all aspects of Client Access server. The most important aspect of this topic for the students is that they understand the purpose of the Client Access server.

5 Hardware and Software Requirements for the Client Access Server
- General hardware and software requirements for Exchange Server 2013 apply to Client Access server
- Client Access server needs to have reliable disks
- Make sure that operating system volume is redundant
- Provide more than one Client Access server if possible
- Client Access server requires a fast network connection to Mailbox servers and global catalog servers

Discuss the requirements and general guidelines for designing hardware for a Client Access server.

6 Planning Client Access Server Deployment
Client Access server:
- Must be deployed in each AD DS site that has Mailbox servers
- Must have a fast connection to Mailbox servers and domain controllers
- Needs to be accessible from the Internet using the client protocol in Internet-facing sites

You deploy Client Access server:
- On a single server with other Exchange Server roles
- On a dedicated server to provide scalability
- On multiple dedicated servers in NLB cluster

Describe the considerations for deploying a Client Access server. Stress that although it is no longer mandatory to have Client Access server in each site where you have a Mailbox server, this practice is still recommended. Describe the different deployment options, and discuss scenarios where the organizations might deploy each option:
- Single server with other Exchange Server roles. This option’s typical scenario would be a small organization or a branch office in a large organization.
- Dedicated server. This option’s typical scenario would be a medium-sized organization.
- Multiple dedicated servers in a NLB cluster. This option is typically only used in large organizations or organizations with very high-availability requirements.

7 How Does a Client Access Server Work?
[Diagram: client connections passing through the firewall to the Client Access server and on to the Mailbox server. Client labels: Outlook Web App, Outlook, EAS, EAC, PowerShell, POP/IMAP, SMTP, SIP. Other labels: Redirect, Firewall, SIP + RTP, IIS, HTTP Proxy, POP/IMAP, SMTP, UM, Client Access, HTTP, RPS, RPC, OWA/EAS/EWS/ECP/OAB, RpcProxy, MDB, Transport, Mailbox, MailQ.]

This is a very important topic. If the students have experience with the Exchange Server 2007 and versions, explain how clients were connecting to their mailboxes before. Afterward, describe how the Client Access server is serving clients in Exchange Server Emphasize that the connection fully qualified domain name (FQDN) now includes the Mailbox GUID and User Principal Name (UPN). Make sure that the students have a clear understanding of the terms MAPI, RPC, and HTTPS. There is a common misunderstanding that in Exchange Server 2013, Outlook does not use MAPI to connect to the mailbox. In fact, MAPI over RPC remains, but it is wrapped inside HTTPS by default.

8 Connecting Outlook Clients to Mailboxes
- Exchange Server 2013 no longer uses FQDNs of Client Access servers or arrays to locate user mailboxes
- Client Access server uses the GUID that is assigned to the user mailbox
- The connection point is the string that is a unique identifier of the mailbox
- Connection point contains the mailbox GUID and domain name

Explain the difference in how Outlook clients connect to Exchange Server 2013, and compare this to previous Exchange versions. If possible, we recommend that you demonstrate how the Outlook profile is configured in 2013 and what the connection endpoint looks like. Explain the benefits of this approach.

9 How Does a Client Access Server Work with Multiple Sites?
- In a pure Exchange 2013 environment, Client Access server will always proxy the client connection to the right Mailbox server
- In a mixed Exchange environment, Client Access server 2013 will proxy the connection to the Client Access Server 2007 or 2010 in the destination site
- POP3 and IMAP4 clients must connect directly to the Client Access server in their destination site

Discuss how Client Access Server role works in AD DS environments with multiple AD DS sites. Explain that in previous versions, connections were either proxied or redirected to the Client Access Server in destination AD DS site, where the Mailbox server is located. Now the Client Access Server proxies the connections directly to the appropriate Mailbox Server.

10 Planning Client Connectivity for Client Access Server
Officially supported client platforms:
- Outlook 2013
- Outlook 2010 SP1 with April 2012 Cumulative Update
- Outlook 2007 SP3 with July 2012 Cumulative Update
- Entourage 2008 for Mac, Web Services Edition
- Outlook for Mac 2011

You can also connect from various POP3 and IMAP4 clients, and ActiveSync devices

Describe the supported client platforms and the connectivity options for the Client Access server.

11 Lesson 2: Configuring the Client Access Server Role
- Configuring POP3 and IMAP4 Client Access

12 Configuring Client Access Server Options
On a Client Access server, you can configure the following groups of options:
- Virtual Directory settings
- Certificates
- Mobile device settings
- Mail flow
- Antimalware protection
- Outlook Anywhere options

Briefly describe the configurable options for a Client Access server. Do not go into much detail, as all of these options and settings will be configured in later modules.

13 Configuring Namespaces on a Client Access Server
Multiple namespace support may be required when:
- An organization uses multiple SMTP domains
- An organization includes multiple AD DS domains or forests

Options include:
- A single namespace with a single data center
- A single namespace with proxy sites
- A single namespace with multiple Internet-accessible sites
- Regional namespaces
- Multiple forests

Discuss namespace issues. Explain the scenario in which you will want to use multiple namespaces.

14 Configuring Certificates on the Client Access Server
When implementing Client Access certificates, consider:
- Whether to use an internal or public CA – consider advantages and disadvantages of each approach
- The client access protocols and services published to the Internet
- The namespaces used by messaging clients to connect

Exchange Server 2013 Mailbox Server has a self-signed certificate preinstalled

Explain the advantages and disadvantages of certificates on the Client Access server. Emphasize that a self-signed certificate is not a good solution for the clients. Then discuss how to use internal or public CAs.

15 Demonstration: Creating a Certificate Request on a Client Access Server
In this demonstration, you will see how to make a certificate request on a Client Access server

Leave all virtual machines running for subsequent demonstrations.

Preparation Steps
To perform this demonstration, ensure that the 20341B-LON-DC1, 20341B-LON-MBX1, and B-LON-CAS1 virtual machines are running. Start each machine and sign in to it before starting the next virtual machine. Sign into all virtual machines using the Adatum\Administrator account with the password Pa$$w0rd.
Important: Ensure that you start your virtual machines at least ten minutes prior to conducting the demonstration.

Demonstration Steps
1. On LON-CAS1, in Start, click Internet Explorer.
2. Type and press Enter.
3. Sign in as Adatum\Administrator with the password Pa$$w0rd.
4. In the EAC, in the left navigation pane, click servers.
5. In the right pane, click certificates.
6. Click the + sign.
7. In the Exchange Certificate – Windows Internet Explorer window, in new Exchange certificate wizard, select Create a request for a certificate from a certification authority, and then click next.
8. In the Friendly name for this certificate, type mail.adatum.com and then click next.
9. On the page containing the request for a wildcard certificate, do not make any changes, and click next.
10. Click Browse.
11. In the Select a Server window, click LON-CAS1, and click ok. Click next.

(More notes on the next slide)

16 4: Planning and Deploying Client Access Servers
Demonstration Steps (continued)
12. On the next page, click Outlook Web App (when accessed from the Internet), and then click the pencil icon.
13. In the Specify the domains for the above Access type, enter mail.adatum.com, and then click ok.
14. Repeat steps 12 and 13 for items where <not specified> is in the DOMAIN column. Click next.
15. On the next page, make sure that you have the following names in the list: mail.adatum.com, lon-cas1.adatum.com, autodiscover.adatum.com, LON-CAS1, and Adatum.com, and then click next.
16. On the next page, fill in the following fields as follows:
    Organization name: A.Datum
    Department name: IT
    City/Locality: Seattle
    State/Province: WA
    Country/Region name: United States
17. On the next page, type \\lon-cas1\C$\windows\temp\certreq.req, and click finish.
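
The same request can be generated from the Exchange Management Shell instead of the EAC wizard. The script below is an added example, not part of the course material; it reuses the demonstration's names, subject fields and output path, and assumes it is run in the Exchange Management Shell by an Exchange administrator.

```powershell
# Added example (not from the course material). Run in the Exchange Management Shell.
# All names, subject fields and the output path are the ones the demonstration uses.
$server  = 'LON-CAS1'
$names   = 'mail.adatum.com', 'lon-cas1.adatum.com', 'autodiscover.adatum.com', 'LON-CAS1', 'Adatum.com'
$subject = 'C=US, S=WA, L=Seattle, O=A.Datum, OU=IT, CN=mail.adatum.com'
$reqFile = '\\lon-cas1\C$\windows\temp\certreq.req'

# With -GenerateRequest the cmdlet returns a Base64-encoded PKCS #10 request
# and keeps the private key on $server as a pending request.
$request = New-ExchangeCertificate -GenerateRequest -Server $server `
    -FriendlyName 'mail.adatum.com' -SubjectName $subject -DomainName $names
Set-Content -Path $reqFile -Value $request

# Check the pending request before sending it to the CA: every name a client will
# connect to must be in it, or the issued certificate will fail name validation.
$pending = Get-ExchangeCertificate -Server $server |
    Where-Object { $_.Status -eq 'PendingRequest' -and $_.FriendlyName -eq 'mail.adatum.com' }
if (-not $pending) { throw "No pending request named mail.adatum.com on $server" }

$inRequest = @($pending.CertificateDomains | ForEach-Object { "$_".ToLower() })
$missing   = @($names | Where-Object { $inRequest -notcontains $_.ToLower() })

if ($missing.Count -gt 0) {
    Write-Warning "Names missing from the request: $($missing -join ', ')"
} else {
    Write-Host "Request covers: $($inRequest -join ', ')"
}
```

The private key never leaves the server; only the request file is handed to the certification authority.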

17 Securing a Client Access Server
To secure a Client Access server:
- Install server certificates, and ensure that SSL is required
- Configure authentication settings:
  - Integrated Windows authentication
  - Digest authentication
  - Basic authentication
  - Forms-based authentication
- Protect the server with an application layer firewall

Stress the importance of using server certificates with Client Access servers. If server certificates and SSL are not used, user credentials and message contents might be passed in clear text. While you discuss the authentication options, mention that the default configuration for Outlook Web App is to use forms-based authentication. Also explain the importance of implementing an application-layer firewall such as Threat Management Gateway (TMG) in front of Exchange Server. However, note that TMG is not fully supported with Exchange Server 2013.

18 Configuring the Client Access Server for Internet Access
To enable Internet access to Client Access services:
- Configure external URLs
- Configure the external DNS names
- Configure access to Client Access virtual directories
- Implement SSL certificates with multiple subject alternative names
- Plan for Client Access server access with multiple sites

19 Configuring POP3 and IMAP4 Client Access
Option: Description
- Bindings: Configure local server addresses
- Authentication: Configure authentication options
- Connection settings: Configure server connection settings
- Retrieval settings: Configure message formats and calendar retrieval settings
- User access: Configure whether a user can use the protocol

Discuss the options for POP3 and IMAP4 protocols. If possible, show these options in Exchange Administration Center (EAC). Emphasize that both POP3 and IMAP4 services are disabled by default.

20 Lesson 3: Managing Client Access Services
- Demonstration: Configuring MailTips

21 Services Provided by the Client Access Server
Services provided by Client Access server role:
- Autodiscover
- Availability
- MailTips
- Offline Address Book download
- Exchange Administration Center
- Exchange Web Services
- Outlook Anywhere

Discuss the services that the Client Access server provides to the client. Do not spend too much time describing each service, as most of them are covered in later topics.

22 What Is Autodiscover?
Autodiscover provides information that you can use to configure Outlook 2007 and newer client profiles

Autodiscover process:
- Client Access Server registers the SCP
- Client uses LDAP query to AD DS to locate appropriate SCP
- Based on information in SCP, client locates the Autodiscover service on Client Access Server
- Client provides its SMTP address to the Autodiscover service and asks for appropriate configuration information
- The Client Access server responds by returning an XML file
- Outlook downloads the required configuration information from the Autodiscover service
- Outlook connects to the Exchange Server

Describe the Autodiscover service and how it works. Explain why it is important to have it active, and the benefits it provides to clients. Make sure that the students understand how Autodiscover works in each step of the process.

23 Configuring and Managing Autodiscover
To configure and manage Autodiscover settings you should:
- Use the Exchange Management Shell
- Configure site affinity for Exchange Servers in multiple sites
- Configure DNS records for external clients
- Use the Outlook Test AutoConfiguration feature to test
- Use the TestExchangeConnectivity website

Discuss what you can configure for the Autodiscover and how to manage settings. Emphasize that in most configurations, Autodiscover will not require additional configuration and modifications.
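
The first steps of the Autodiscover process depend on the service connection point (SCP) objects in AD DS, so it is worth checking what those objects actually tell domain-joined Outlook clients. The script below is an added example, not part of the course material: a read-only LDAP query that lists each SCP, its Autodiscover URL and its site affinity. The keyword GUID is the value Exchange uses to tag Autodiscover SCP objects, and `$certNames` is an assumption that the certificate bound to IIS carries the fully qualified names from the certificate demonstration.

```powershell
# Added example (not from the course material). Run on a domain-joined machine.
# Reads the AD DS configuration partition only; it changes nothing.
$scpKeyword = '77378F46-2C66-4aa9-A6A6-3E7A48B19596'   # keyword on Autodiscover SCP objects
# Assumption: names on the Client Access certificate, taken from the demonstration.
$certNames  = 'mail.adatum.com', 'lon-cas1.adatum.com', 'autodiscover.adatum.com'

$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$configNC"
$searcher.Filter     = "(&(objectClass=serviceConnectionPoint)(keywords=$scpKeyword))"
foreach ($p in 'cn', 'servicebindinginformation', 'keywords') {
    [void]$searcher.PropertiesToLoad.Add($p)
}

$report = foreach ($scp in $searcher.FindAll()) {
    # serviceBindingInformation holds the URL that Outlook will contact.
    $url   = [string]$scp.Properties['servicebindinginformation'][0]
    # Site affinity is stored as "Site=<AD DS site name>" entries in keywords.
    $sites = @($scp.Properties['keywords'] | Where-Object { $_ -like 'Site=*' })

    $uri    = $null
    $parsed = [uri]::TryCreate($url, [System.UriKind]::Absolute, [ref]$uri)

    New-Object psobject -Property @{
        Server     = [string]$scp.Properties['cn'][0]
        Url        = $url
        Sites      = $sites -join ', '
        Https      = $parsed -and $uri.Scheme -eq 'https'
        NameOnCert = $parsed -and ($certNames -contains $uri.Host.ToLower())
    }
}

$report | Format-Table Server, Url, Sites, Https, NameOnCert -AutoSize

# An SCP that is not HTTPS, or that names a host missing from the certificate,
# produces certificate warnings or failed profile configuration in Outlook.
$report | Where-Object { -not ($_.Https -and $_.NameOnCert) } | ForEach-Object {
    Write-Warning "Check SCP for $($_.Server): $($_.Url)"
}
```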

24 What Is the Availability Service?
The Availability service on Client Access server provides the following:
- Retrieve live free/busy information for mailboxes in local or other Exchange organizations
- View the working hours of attendees
- Show meeting time suggestions

Only Outlook 2007 or newer and Outlook Web App use the Availability service
The Availability service is deployed by default on all Client Access servers
The service does not need any configuration by default

Stress that the Availability service is used only by Outlook 2007 or newer clients, and that the service fulfills the same role as the free/busy public folders used in Exchange Server 2003 and older versions of Outlook. When organizations are ready, they can disable the free/busy public folders and use the Availability service exclusively. To do this, organizations must use Exchange Server 2007, Exchange Server 2010, or Exchange Server 2013, and Outlook 2007 or newer versions.

25 What Are MailTips?
MailTips provide information about a message delivery before the message is sent

The Exchange Server 2013 provides:
- Default MailTips
- Custom MailTips

The Client Access server provides the MailTips to the client

MailTips were introduced in Exchange Server 2010, and the students may question the importance of this feature. To encourage them to think about this feature, ask them how much time they, or the help-desk personnel in their organization, spend troubleshooting nondelivery reports. Also ask the students how many of those nondelivery reports result from user mistakes, or because the sender was not aware of a particular limitation or setting. MailTips are designed to alert users about limitations or issues that may affect the delivery of the message, thus reducing help-desk calls. Mention that MailTips have some limitations when users send messages to distribution lists, and that MailTips have a maximum length.

26 Demonstration: Configuring MailTips
In this demonstration, you will see how to configure MailTips

After the demonstration, revert the virtual machines.

Preparation Steps
To perform this demonstration, ensure that the 20341B-LON-DC1, 20341B-LON-MBX1, and 20341B-LON-CAS1 virtual machines are running. If required, sign in to all virtual machines using the Adatum\Administrator account with the password Pa$$w0rd.

Demonstration Steps
- On LON-CAS1, in the EAC, click recipients, and then click mailboxes.
- In the list of mailboxes, click on April Reagan, and then click on the pencil icon on the toolbar.
- In the April Reagan window, click MailTip.
- In the textbox for MailTip, type This person is on extended leave for April, and click save.
- Close Internet Explorer.
- Open Internet Explorer, and type Log on as Adatum\Don with password Pa$$w0rd.
- On the Language and time zone page, select English, make no changes to time zone, and click save.
- In the Outlook Web App window, click new mail.
- In the To field, type April, and press Tab. Ensure that the field is populated with April Reagan.
- Click in the Subject field. Ensure that the tip has appeared.

27 Lab: Deploying and Configuring a Client Access Server Role
Exercise 1: Configuring Certificates for the Client Access Server
As a messaging administrator in A. Datum Corporation, you have deployed the Exchange Server environment, and you are now working on configuring the Client Access servers. The organization has decided to use a certificate from the internal CA to secure all client connections to the server. You need to enable this configuration, and then you must make sure that Outlook clients can still connect to the server.

Exercise 2: Configuring Client Access Services Options
To prepare the Client Access server, you need to perform several configuration tasks, such as configuring the external access domain and POP3 service. The external domain name should be mail.adatum.com. You need to make sure that POP3 users can connect securely, and that connection limits should be applied as well as proper message formatting. You also need to verify authentication options for virtual directories on the Client Access server.

Exercise 3: Configuring Custom MailTips
To reduce the number of users who require support, A. Datum is evaluating implementation of MailTips. You have been asked to configure some test deployments that implement MailTips, and you must verify that MailTips can be enabled in multiple languages.

Logon Information
Virtual Machines: B-LON-DC1, 20341B-LON-CAS1, 20341B-LON-MBX1
User Name: Adatum\Administrator
Password: Pa$$w0rd

Estimated time: 50 minutes

28 Lab Scenario
You are working as a messaging administrator in A. Datum Corporation. Your organization has decided to deploy Client Access servers so that the servers are accessible from the Internet for a variety of messaging clients. To make sure that the deployment is as secure as possible, you must secure the Client Access server, and you also must configure a certificate on the server that will support the messaging client connections. In addition, you have to verify options on the Client Access server, and configure MailTips for a few users.

29 Lab Review
Question: Why do we recommend that a certificate be issued from an internal CA to Client Access server?
Answer: An internally issued certificate for a Client Access server will not experience trust or revocation issues.

Question: Which service on the Client Access server supports certificate-based authentication?
Answer: ActiveSync service is the only service that supports certificate-based authentication.

30 Module Review and Takeaways
Review Question
Question: What is the main difference between the Client Access server role in Exchange Server 2010 and Exchange Server 2013?
Answer: The Client Access server role in Exchange Server 2013 just proxies client connections to the Mailbox server. It is a stateless server, with very limited transport components.

Best Practice
- If possible, make the Client Access server highly available or redundant.
- Provide a public certificate for Client Access server that is exposed to the Internet to avoid trust issues.
- Do not place Client Access server in the perimeter network. Use an application-layer firewall and reverse proxy to publish it securely.
- Make sure that the Client Access server has a fast and reliable connection to the Mailbox server and the AD DS domain controllers.

