Summary: This guide provides key materials for evaluating Microsoft Exchange Server 2007, including product details, installation instructions, and a guided tour.
Copyright
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This document may be changed substantially prior to final commercial release of the software described herein.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
Microsoft, Active Directory, ActiveSync, Excel, Hotmail, Outlook, PowerPoint, SharePoint, Windows, the Windows logo, Windows Mobile, Windows Server, Windows Server System, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Table of Contents
Welcome
What's New in Exchange Server 2007?
Exchange Server 2007 Feature Review
    Key Features at a Glance
    Anywhere Access
    Built-In Protection
    Microsoft Exchange Server Product Line
    Conclusion
Getting Started
    Install Exchange Server
    Install Microsoft Office Outlook 2007
    Install Forefront Security for Exchange Server
Guided Tour
    Operational Efficiency
    Anywhere Access
    Built-In Protection
Appendix
    Installing a Domain Controller
    Connecting Outlook 2007 to Exchange Server
    Connecting a Mobile Device to Exchange Server
    Sources for Quotes
Welcome
Welcome to the Microsoft Exchange Server 2007 Evaluator's Guide. This document will introduce you to the newest release of Exchange Server and help you evaluate its capabilities. The guide is divided into four sections:
- What's New: A summary of what's in the release
- Feature Review: Product details and screenshots
- Getting Started: Step-by-step installation instructions
- Guided Tour: A hands-on tour of the product
To limit the length of this guide, features are discussed at a high level. To learn more about a specific product feature, refer to the Exchange Server 2007 Help files, which are publicly available as part of the Exchange Server 2007 Library on TechNet:
http://www.microsoft.com/technet/prodtechnol/exchange/2007/
These files are also available once you have completed product installation by clicking: Start > All Programs > Microsoft Exchange Server 2007 > Exchange Server Help
Anywhere Access
More than one-half of all online consumers say they check their work e-mail outside the office.
- Jupiter Research [1]
As workforces become increasingly mobile, employees require the flexibility to access their inboxes regardless of where they may be. They need an integrated, seamless way to access their vital business communications. Exchange Server 2007 provides new communication and collaboration tools that align with the changing work habits of today's workforce, enabling quick response times that are critical to business success:
- Exchange Unified Messaging gives employees a single inbox where they can access all their important communications, including voice mail, fax, and e-mail, and avoid the effort of maintaining separate systems.
- Enhanced mobile device support delivers a familiar Microsoft Office Outlook experience on an increasing number of mobile devices with no requirement for extra software or services other than an Internet connection.
- Improved Outlook Web Access offers users the rich and familiar interface of Outlook 2007 from within a web browser.
- A new Scheduling Assistant streamlines meeting planning by visually presenting the best times for booking attendees, rooms, and resources.
Operational Efficiency
35 billion e-mail messages are generated every business day; up from 10 billion per day five years ago.
- IDC
The growing volume of e-mail messages, coupled with e-mail's mission-critical role in many businesses, places heavy demands on IT administrators. New tools in Exchange Server 2007 help enable IT administrators to be efficient and productive as they manage the messaging environment:
- Exchange Management Console offers administrators a graphical environment with less nesting, a new action pane, and easy ways to filter large lists of objects.
- Exchange Management Shell lets administrators manage all aspects of Exchange via a command line, making it easy to automate routine and repetitive tasks.
- Outlook Autodiscover provides automatic client configuration to simplify Outlook mailbox setup, avoiding end-user confusion and reducing one of the most common helpdesk inquiries.
- Server roles simplify the process of installing Exchange Server, reduce the need for manual configuration, and provide a highly scalable architecture.
- 64-bit architecture allows organizations to increase mailbox quotas and minimize per-mailbox storage costs. Storage throughput requirements are reduced and a wider variety of storage systems can be used.
- Exchange Web Services provides a new standards-based API that allows developers to readily integrate Exchange Server with line of business and service-oriented applications.
[1] Please refer to the appendix for the source of this and all other quotes in the document.
Built-In Protection
An estimated 55 billion email spam messages were sent each day in June 2006, an increase of 20 billion per day from June 2005.
- Answers.com
Companies today face increasing spam and virus threats as well as growing regulatory and corporate compliance requirements. In an environment where organizations are focused on protection and compliance, Exchange Server 2007 delivers functionality to help maintain the security of the messaging environment:
- Built-in anti-spam technologies provided by Exchange Server 2007's Edge Transport server role use a multi-pronged approach to help block unwanted messages and provide enhanced protection against phishing attacks.
- Exchange Hosted Filtering and Microsoft Forefront Security for Exchange Server, both available with the Exchange Server 2007 Enterprise Client Access License, provide hosted and on-premise options for advanced anti-spam and antivirus protection.
- Continuous Replication keeps redundant copies of an Exchange Server database up-to-date via log shipping. This allows fast recovery from database, server, and datacenter failures, while reducing the need for tape backups.
- Transport rules allow IT administrators and compliance officers to establish and enforce regulatory or corporate policies on both internal and outbound e-mail, voice mail, and fax messages.
[New/Improved] Feature: Description

Collaboration and Productivity
- [New] Scheduling Assistant: A Scheduling Assistant provides visual guidance on the best dates and times to meet, based on the schedules of invitees and resources.
- [New] Calendar Attendant: Server-side meeting processing means that the Outlook client no longer has to be running for the user's calendar to remain up-to-date. Meetings are updated without sending redundant notices, reducing inbox clutter.
- [New] Resource Booking Attendant: Rooms and equipment are specially marked in the Address Book so they can be browsed separately and given custom properties and permissions.
- [New] Schedulable Out of Office: Out of Office messages can be scheduled to begin and end at given dates/times. Separate messages can be set for internal and external recipients.
- [Improved] Improved Search: Search in Exchange Server 2007 was rewritten using Microsoft Search 3.0 advancements. Mailboxes are fully indexed by default, and indexing is substantially faster than in earlier versions of Exchange.
- [Improved] Calendar Permissions: Calendar item details can be more flexibly shared with others (for example, showing only the name of a meeting or appointment, not the full details).

Web-Based Messaging
- [Improved] Enhanced Outlook Web Access Experience: Outlook Web Access has been rebuilt from the ground up to provide a rich, browser-based experience with the updated look and functionality of Outlook 2007, including scheduling assistant, categories and flags, and search enhancements.
- [New] WebReady Document Viewing: A new option in Outlook Web Access converts documents (Microsoft Office Word, Excel, PowerPoint, and PDF) into HTML so they can be viewed even if the application that created the document is not installed on the client.
- [New] LinkAccess: When a user receives a link to a document on a SharePoint site or file share, Exchange Server 2007 uses LinkAccess to retrieve and display the document, no VPN or tunnel required.
- [Improved] Improved Security: Two-factor authentication support is improved, and administrators can require documents to be viewed as HTML for greater security on public kiosks.
- [Improved] Increased client caching reduces server roundtrips, decreasing bandwidth usage and providing an improved user experience over slow connections.

Unified Messaging
- [New] One Inbox for Email, Fax, and Voice mail: Exchange Server 2007 seamlessly delivers e-mail, voice mail, calendar items and faxes into users' inboxes. This unification improves employee productivity by simplifying access to common types of communications.
- [New] Exchange Server 2007 can answer the telephone and record a message whenever the user's phone goes unanswered or is busy.
- [New] Fax Receiving: Fax receiving capabilities provide the ability to answer a fax call, receive a fax, and deliver it to the user's inbox.
- [New] Using Outlook or Outlook Web Access, users can reset their voice mail PIN, reducing a major source of helpdesk requests.
- [New] An Auto-Attendant provides professional switchboard-like capabilities, with integrated speech recognition and the ability for callers to search the company directory.
- [New] Users can access their Exchange mailboxes using any telephone, hearing their e-mail and calendar entries and taking action on them using either speech or touch tone commands.
- [New] Organizations that deploy Exchange Server 2007 in conjunction with Office Communications Server 2007 benefit from a unified platform that handles synchronous and asynchronous communications in a seamless way.
- [New] Deploying Exchange Unified Messaging allows organizations to consolidate their voice mail and e-mail infrastructures. It builds on a company's existing investments in Active Directory to provide a single management experience and integrated security policies across voice mail, e-mail and fax.

Mobile Messaging
- [Improved] Exchange ActiveSync (Direct Push): Mobile devices that incorporate Exchange ActiveSync technology maintain a connection with the server, receiving any new or updated e-mail, calendar items, contacts, or tasks as soon as they arrive on the server.
- [New] If a device is lost or stolen, the user can clear the contents of the mobile device or reset the device's password via Outlook Web Access.
- [Improved] Administrators can set per-user device policies, such as allowing/disallowing attachments and specifying PIN expiration.
- [New] Searching from a mobile device queries the local device as well as the user's entire mailbox on the Exchange Server.
- [New] Flags for e-mail triage are fully supported for mobile devices.
- [New] Rich HTML mail for mobile devices is supported. Replying to an e-mail will preserve the HTML formatting for all other users in the thread.
- [New] If a user clicks on a long message or attachment, the device fetches the necessary data without reloading the entire message.
- [Improved] The richness of calendaring capabilities on mobile devices is enhanced, allowing users to take more actions on meeting requests and manage Out of Office messages.
- [New] When a mobile device user receives a link to a file share or Windows SharePoint Services site, Exchange Server 2007 uses LinkAccess to retrieve and display the document; no VPN tunnel is required.
Operational Efficiency
[New/Improved] Feature: Description

Easy and Efficient Deployments
- [New] Server Roles: A modular system of five server roles reduces the time required for installation; minimizes manual configuration by the administrator; and increases security by limiting the surface area available for attack.
- [Improved] Exchange Best Practices Analyzer (ExBPA): Now embedded in setup and available through the Exchange Management Console toolbox, Exchange Best Practices Analyzer not only identifies configuration discrepancies that may lead to service outages and reliability problems, but also assists with deployment and set-up.
- [New] Outlook Autodiscover: Configuring Outlook 2007 to connect with Exchange Server is easier than ever. If the user is logged on to the network, Exchange Server 2007 automatically configures the user's Outlook profile.
- [Improved] Administrators can monitor their Exchange servers using specially designed management packs for Microsoft Operations Manager 2005 and Systems Center Operations Manager 2007. Rules in these management packs align directly with Exchange Server 2007 server roles.
- [Improved] All mailbox migration tools have been combined into a single, comprehensive tool that allows administrators to perform intra- or inter-organizational migrations, minimizing complexity.

Administrator Productivity
- [Improved] Exchange Management Console: A redesigned graphical user interface simplifies the navigation tree down to 3 layers of depth, with actions easily discoverable through a new action pane. Management and troubleshooting tools can be launched from a single toolbox.
- [New] A new command-line interface, based on Windows PowerShell, allows administrators to automate routine and repetitive tasks.
- [Improved] Permissions become more granular and straightforward to manage. The permissions model enables a set of new, predefined administrator roles.

Scalability and Performance
- [New] 64-bit Architecture: Now a native 64-bit application, Exchange Server can access more memory, helping ensure high performance and reliability as mailbox sizes and the number of user accounts per server increase.
- [New] IPv6 Support: Exchange Server supports IPv6 when Exchange Server 2007 SP1 is deployed on Windows Server 2008.
- [New] The complexity of the Exchange routing topology has been reduced by building on existing Active Directory sites. Routing groups are no longer needed.
- [Improved] New and improved troubleshooting tools in the Exchange Management Console toolbox help diagnose and remediate performance problems, and are kept current via integration with Microsoft Update.

Extensibility
- [New] Web Services API: An extensible web services platform allows developers to embed mailbox or calendar information within line-of-business or other custom applications.
- [Improved] Developers can easily embed Outlook Web Access (OWA) functionality into their portal applications using OWA Web Parts.
Built-in Protection
[New/Improved] Feature: Description

Layered Anti-Spam/Antivirus Protection
- [New] Edge Transport Server Role: Anti-spam filtering is available out of the box, handled by the Edge Transport server role at the network's perimeter.
- [New] Exchange Hosted Filtering: Operating in the Internet cloud as a hosted service, Exchange Hosted Filtering employs multilayered defenses to help block email viruses, spam, and malware at the organization's gateway.
- [New] To augment the capabilities of the core Exchange platform, Microsoft Forefront Security for Exchange Server offers an additional layer of on-premise protection from viruses and spam.
- [Improved] Antivirus extensibility: Flexible APIs allow messages to be scanned in transport as well as in the mailbox store by one or more antivirus engines. In addition, inbound and outbound attachment stripping can be enabled by the administrator.

Business Continuity
- [New] Local Continuous Replication: A copy of the Exchange database can be placed on a second disk set, where it is automatically kept up-to-date via log shipping. In the event of a disk failure or data corruption, the administrator can quickly switch to the copy database, offering an economical way to achieve greater uptime.
- [New] High availability with automated failover can be achieved using continuous replication in an active/passive cluster. Data is copied from active to passive server nodes via log shipping. Shared storage is not required, so nodes can be located in separate geographies.
- [New] Each Exchange database can be replicated to a remote standby server, making the e-mail environment resilient to the failure of an entire datacenter.
- [Improved] Server patching and updating can be automated using Microsoft Update on the Web, Windows Update Server on-site, or Microsoft Systems Management Server.

Confidential Messaging
- [New] Intra-organization Encryption: E-mail inside the organization is automatically encrypted by default from the sender's e-mail client to the recipient's e-mail client.
- [New] Connections between hosts that support Transport Layer Security (TLS) are automatically encrypted, requiring no administrator action. Exchange automatically supports TLS using built-in certificates.
- [Improved] Message classification: Administrators can use transport rules to apply message classifications to e-mails in transit, based on subject, content, or sender/recipient address.
- [New] Users can view messages protected by Windows Rights Management Services (RMS) without waiting for Outlook, OWA, or their mobile device to download the license, because Exchange Server fetches it in advance.
- [New] Organizations can enforce enterprise, governmental, and legal requirements through a sophisticated e-mail flow control and policy engine.
- [New] With Managed Folders, users can organize messages into folders that are pre-defined by the administrator. An automated process scans these folders to retain, expire, or journal messages based on compliance requirements.
- [Improved] Flexible Journaling: Administrators can journal e-mail on a per-database, per-distribution list, per-user, or org-wide basis. Journaling can be customized based on sender, recipient, or message content.
- [New] Multi-Mailbox Search: Administrators can perform fast, full-text search across all mailboxes in their organization if the need for legal discovery arises.
Anywhere Access
At least 40 percent of the work in typical medium to large companies can be done without a physical office presence, at least part of the time.
- Gartner
Exchange Server 2007 helps deliver anywhere access to e-mail, voice mail, calendar, and contacts, not just from the desktop, but also via the Web, on mobile devices, and even from a standard telephone. By offering a consistent Outlook user experience across these functions, Exchange Server 2007 increases the agility of today's highly mobile workforce.
A color-coded calendar shows the availability of meeting participants. Preferred days are shown in white. Darker shades of blue indicate days with more conflicts.
Within each day, a list of suggested times to meet is shown. The times that accommodate the most required attendees are listed first. Further down, the timeslots become progressively less desirable.
Users can provide their standard working hours, and the Scheduling Assistant will not suggest any meetings outside of these work hours. This is particularly useful when scheduling meetings across time zones, for example, when a company has offices around the globe.
Calendar Attendant
Server-side, always-on meeting processing has been added to Exchange Server 2007, so Outlook no longer has to be running for a user's calendar to remain current. A new Calendar Attendant reduces redundant meeting notices and ensures schedule accuracy by:
- Tentatively placing new meetings on the calendar even when a user is not logged on. This helps prevent others from mistakenly scheduling conflicting meetings. This also means that the user's calendar is up-to-date when accessed from any client: Outlook, Outlook Web Access, Outlook Voice Access, or a mobile device.
- Automatically updating existing meetings with new information. Out-of-date meeting requests and schedule updates are automatically removed from attendees' mailboxes, reducing inbox clutter.
- Marking changes to meeting details so the user can clearly see what has changed.
- Automatically notifying the organizer if an attendee forwards the meeting.
Employees who used the new Scheduling Assistant found the best available time to schedule a meeting in approximately 28 seconds; a 77% reduction.
- Microsoft internal usability study
Figure 4: Meeting request with updated location and time, in Outlook 2007
Resource Booking Attendant
The Exchange Server 2007 Resource Booking Attendant makes logical decisions regarding how resources such as rooms and equipment should respond to invitations. Acceptance and decline messages are generated based upon policies defined for the room and whether it is already in use. Custom response messages can be set up for each resource. For example, a message response can provide extra information about the policies of the room and indicate a contact person. The Resource Booking Attendant can:
- Automatically accept and decline meeting requests
- Limit resource availability to specified hours
- Limit who can book a resource through booking roles*
- Enforce maximum meeting duration*
- Forward out-of-policy requests to delegates for approval*
- Store custom response messages for each resource*
- Provide conflict information for declined meetings*
* New behavior for Exchange Server 2007
With Exchange Server 2007, resources such as rooms and equipment are marked in the Address Book so they can be browsed separately from people. They can be assigned custom properties such as TV, Internet connection, and Projector. Users can then search for a room that fits their needs using these resource properties.
Schedulable Out of Office
With Exchange Server 2007, Out of Office messages can be scheduled in advance, with specific start times and end times. Separate Out of Office messages can be configured for internal and external users. Junk email and mailing list awareness prevents external Out of Office messages from being sent to extended mailing lists and spammers. If desired, administrators can restrict the set of users who are allowed to send external Out of Office messages. Out of Office messages in Exchange Server 2007 can be formatted as rich HTML messages, with hyperlinks rather than plain text. Exchange Server 2007 also gives users the ability to set Out of Office messages from a mobile device.
Improved Search
The search platform used in Exchange Server 2007 was upgraded from Microsoft Search 2.0 to version 3.0. This is the same search technology used in Microsoft SQL Server 2005. Indexing has changed from a "crawl" model to an "always up to date" model, and the indexing system was rewritten to communicate more efficiently with the Exchange information store. The end result is a dramatic improvement in indexing speed. Previously, search indexing in Exchange was disabled by default because it used so many resources. In Exchange Server 2007, search indexing is enabled by default, and imposes only a minor tax on system resources, taking a small percentage of CPU in steady state. The search crosses not only the text of the message but attachments as well. Whether the user is searching using Outlook, Outlook Web Access, or a mobile device, information on the server can be found quickly and intuitively.
Figure 7: Search results in Outlook 2007
With advancements in Outlook 2007, client-side searching in Outlook is faster as well. When Outlook 2007 runs in Cached Exchange Mode [3], it utilizes the new instant search mechanism that is built into Windows Vista and can be downloaded for earlier versions of Windows. The instant search begins to retrieve and display results while the user is still typing the search term.
[3] In Cached Exchange Mode (first introduced with Outlook 2003 and Exchange Server 2003) all user messages are downloaded in full from the server to Outlook.
Calendar Permissions
Exchange Server 2007 gives individuals new levels of control over how they share information from their calendar with others. Four levels of sharing are provided:
1. Share nothing
2. Share free/busy information
3. Share limited detail, including subject and location of meetings
4. Share full calendar details
The user can set a default policy and then choose custom levels of sharing with particular individuals in their organization. For example, an employee might choose to share only free/busy information by default, but allow friends and team members to see the subject and location of appointments as well.
Figure 9: View of free/busy information plus limited detail in the Scheduling Assistant
Web-based Messaging
For users who need Web-based access to their email, calendar, contacts, and tasks, Outlook Web Access offers the familiar interface of Outlook on any computer with an Internet connection and a Web browser. Outlook Web Access has been rebuilt from the ground up to serve as a close companion to Outlook 2007, and includes advancements in document access, security, search, and performance.
Enhanced Outlook Web Access Experience
Outlook Web Access has been an AJAX application since its first release with Exchange Server 5.5. In Exchange Server 2007, Outlook Web Access uses the latest advancements in web technologies to provide a rich Outlook-like experience, including full support for meeting scheduling, categories, and flags. New features in Outlook Web Access allow users to:
- Schedule Out of Office messages with specific start and end times
- Search the Global Address List
- Use the Scheduling Assistant to efficiently book meetings
- Access SharePoint documents without a VPN
- Access RSS subscriptions
- Retrieve voice mail and fax messages through unified messaging integration
By 2007 telework will be practiced by more than 60 million people.
- Gartner
Other improvements to Outlook Web Access include:
- A significantly improved spell-check experience
- In-line notifications that function when pop-up blockers are enabled
- Quick meeting reply options (accept/tentative/decline)
- Ability to view distribution list memberships
- Quick access to disk usage by hovering over the root of the mailbox store
Quota at a Glance
Outlook Web Access Light
Outlook Web Access is optimized for Internet Explorer versions 6 and 7. The Light version of Outlook Web Access supports a diverse set of browsers (Firefox, Safari, Opera, Netscape, IE 7, IE 6, IE 5.5, 5.1, and 5.2) and operating systems (Windows Vista/XP/2000/Me/98, Mac OS X, and Linux). It works in locked-down browser modes, such as those implemented on public kiosks, and on computers with strict pop-up blocking policies or no frames.
Certain features, such as spell check, conversation view of e-mail threads, and account quota information are not available when using the Light version. However, the Light version offers faster logon times for slow connections, and offers the best accessibility possible for blind (screen reader) and low-vision (high contrast settings) users.
WebReady Document Viewing
WebReady Document Viewing converts documents (Word, PowerPoint, Excel, and PDF) into HTML so they can be viewed in a web browser.
This has two advantages: If the user is on a kiosk that does not have Microsoft Office or Adobe Acrobat installed, he or she can still see the document. Also, the original document does not have to be downloaded, so the user does not leave behind sensitive information after logging off a shared computer. Administrators can require users to view attachments with WebReady Document Viewing to avoid information being left behind on public kiosks. Support for Microsoft Office 2007 document formats was added in Exchange Server 2007 Service Pack 1.
LinkAccess
When an Outlook Web Access user is outside the corporate network, receiving a document link that references a Windows SharePoint Services site or file share can be problematic. Normally, a VPN connection is required to access the content. However, in Exchange Server 2007, a user can click the link and retrieve the document without tunneling in to the corporate network. Exchange Server 2007 does this by proxying the user's request and retrieving the document on behalf of the user. If the link points to a document library or folder rather than a specific document, the user can also navigate through the contents of the library or shared folder. No VPN connection or tunnel is required. To maintain security of the content on the network, administrators can specify which servers are eligible for LinkAccess within the Exchange Management Console.
Improved Security
Outlook Web Access is more secure than ever. During installation of the Client Access server role, Exchange automatically generates a self-signed SSL certificate to protect Outlook Web Access traffic. This occurs by default and requires no administrator intervention.
Two-factor authentication support in Outlook Web Access is improved, with support for mechanisms such as digest authentication, certificate-based authentication, NTLM, and smartcard authentication. Outlook Web Access has also been re-architected to allow for easy deployment of client certificate authentication, and supports ISA 2006 forms-based authentication with RADIUS.
Optimized Web Experience
In Exchange Server 2007, Outlook Web Access performance is improved, resulting in decreased latency. These improvements come from incremental UI rendering, Gzip compression, and increased client-side caching to reduce round trips to the server. Additionally, a new notification mechanism enables new e-mails to appear in the Outlook Web Access list view without the need to refresh the browser window.
Unified Messaging
Unified Messaging in Exchange Server 2007 lets users access all of their vital business communications, including e-mail, voice mail, and fax messages, from a single inbox. This unified inbox can be accessed from Outlook, Outlook Web Access, and a variety of mobile devices. Using Speech Server technology originally developed by Microsoft Research, Unified Messaging provides a speech-enabled AutoAttendant to route in-bound calls and provide voice access to e-mail, calendar, and contacts. Unified Messaging is included as part of the Exchange Enterprise Client Access License (CAL).
7 out of 10 phone calls go direct to voice mail.
- Gartner
Exchange Unified Messaging also benefits IT administrators, combining e-mail, voice mail, and fax systems into a single infrastructure for simpler management. Organizations can build on their existing Active Directory investments and apply common compliance and archiving policies for all message types.
One Inbox for E-mail, Fax, and Voice Mail
Many knowledge workers spend a large portion of their workday using Microsoft Outlook or Outlook Web Access. With Unified Messaging, users can access voice mail and fax messages without leaving the Outlook environment. Microsoft Office Outlook 2007 and Outlook Web Access 2007 display voice mail and fax messages in the inbox with other message types. Unique icons identify each type of message. Unified Messaging also enables users to access this unified inbox from any mobile device that supports the Exchange ActiveSync protocol. Employees are able to respond more quickly to requests, adding tangible business value.
Figure 14: Outlook Web Access inbox with multiple message types
Voice Mail System
Exchange Server 2007 includes a full-featured voice mail system that handles calls routed from the PBX. When the user's phone is busy or rings without answer, the Exchange Server voice mail system plays a greeting, records the message, and stores it in the user's inbox. Voice mails are compressed so that a typical 30-second voice mail is approximately 30 Kilobytes.
Special controls in the message body give users ways to interact with the message: for example, users can skip to the end of a voice mail or adjust message volume using the embedded media player. An Audio Notes text box lets users tag voice mails with typed notes rather than jotting these on paper. These notes are searchable along with other message types.
Exchange Server uses Caller ID information to identify the caller and display contact details.
When a user is in a public place such as an airport, coffee shop, or cubicle, a Play on Phone button enables messages to be played over a telephone rather than through computer speakers. The user can specify any phone number for Exchange Unified Messaging to call. The voice mail is played when the user picks up the phone.
When someone calls but leaves no message, Exchange Unified Messaging provides a missed call notification in the inbox of the intended recipient, similar to that provided by mobile phones.
For both missed call notifications and voice mails, Caller ID information is matched against phone numbers in the organization's Global Address List to display the caller's identity. When a match is not found, the user's Personal Contacts are also searched, so Caller ID works for friends, family, and business contacts too.
Fax Receiving
Exchange Unified Messaging answers fax calls and saves fax messages to a user's Exchange inbox, where the image can be reviewed using Outlook, Outlook Web Access, or a mobile device. This centralizes the management of inbound fax services within the Exchange infrastructure. There are three ways that fax receiving can be configured:
• A user can have a fax number that is the same as his or her phone number. Fax calls to the user's desk phone are picked up after going to voice mail.
• A user can have separate phone and fax numbers. The fax number is answered by the Unified Messaging server without ringing the user's extension.
• A company can have a central fax number for all employees. In this scenario, faxes are received at a central mailbox, and then manually routed to user mailboxes by administrative staff.
Figure 18: Fax message in Outlook 2007
Self-Service Voice Mail Support
Using Outlook or Outlook Web Access, a user can reset his or her voice mail PIN, set a voice mail greeting, record an out of office voice message, and specify which mailbox folder to access when calling in by phone to hear e-mail messages. By offering self-service voice mail support through Outlook and Outlook Web Access, administrators can reduce a major source of helpdesk calls typical of traditional voice mail systems.
Figure 19: Reset Voice Mail PIN page in Outlook Web Access
Speech-Enabled Automated Attendant
Exchange Server 2007 provides a central automated attendant for any company using Exchange Unified Messaging. Incorporating Speech Server technology originally developed by Microsoft Research, the Automated Attendant gives even the smallest company professional, switchboard-like capabilities. The Auto-Attendant allows users to customize the default greeting, and can provide additional greetings such as hours of operation or directions. The Auto-Attendant also offers customized choices for connecting directly to individuals or departments via touchtone commands, speech recognition or both (e.g. "Press or say one, for sales"). With the integration of speech recognition and directory search using the Global Address List (GAL), callers can use voice commands to search for and connect to specific people. Because of the GAL integration, companies can get a whole-company voice directory with minimal administrator configuration.
Outlook Voice Access
Exchange Server 2007 supports dial-in voice access from any telephone so users can hear their e-mail and calendar read aloud using text-to-speech technology. Users can access their main mailbox items (e-mail, calendar, personal contacts, and company directory), and interact with them using key pad or speech commands. For example, a user who is running late for a meeting can use a standard telephone to access his or her calendar and send an "I'll be late" message to all meeting participants, indicating how many minutes behind schedule they are. If desired, the user can also attach an audio message to the "I'll be late" message. Similar commands allow users to cancel an upcoming meeting or clear all meetings for a specified period of time.
Figure 21: I'll be late message, sent using Outlook Voice Access
With Outlook Voice Access, employees can use a standard telephone to triage their email. E-mail messages from the inbox are read aloud and the user can use voice commands to flag messages for follow up, delete messages, or forward them to other users. All of this can be accomplished hands-free, making a portion of previously lost time, such as commuting, productive.
The average American spends over 100 hours a year commuting to work (one-way), more time than they spend on vacation.
- U.S. Census Bureau
Outlook Voice Access has text-to-speech support in 16 languages and dialects, with localized prompts in each language. Speech recognition is available in English (US, UK, and Australian varieties). Here is a sample of commands available to users in Outlook Voice Access:
Calendar
• I'll be late
• Cancel meeting
• Clear my calendar
• Attendance details
• Meeting details
E-mail
• Delete message
• Forward message
• Reply (with audio attachment)
• Call the sender
• Mark as unread
• Flag for follow-up
• Hide conversation
Directory/Personal Contacts
• Call the office
• Call the home
• Send a message (audio attachment)
• Play details
• Find another contact
Integration with Office Communications Server 2007
Exchange Server 2007 can be deployed with Office Communications Server (OCS) 2007 to provide an integrated platform for unified communications. Exchange Server manages asynchronous communications, such as e-mail, voice mail, faxes, and calendaring. Office Communications Server 2007 manages real-time (synchronous) communications, including instant messaging, rich presence, VoIP, and audio/video conferencing. The two solutions work together to provide users with a seamless communications experience.
For example, when Exchange Unified Messaging is deployed with OCS 2007, a message waiting indicator in Office Communicator and the system tray alerts users to new voice mails. Users can connect to Outlook Voice Access with one click (no PIN entry required) from Office Communicator to hear new messages and manage voice mail settings. They can divert incoming calls to voice mail selectively or on a standing basis. Presence information, such as busy, in a meeting, and out of office is automatically updated for users based on the meetings and appointments stored in their Exchange Server calendars.
Consolidated Infrastructure
Traditional voice mail and unified messaging systems typically require dedicated systems to be deployed at each office location. Often these systems are tightly coupled with a particular telephone switch or PBX. In companies with multiple offices, especially those that have expanded through mergers and acquisitions, this means that separate and incompatible systems must be managed at each office.
Exchange Unified Messaging allows organizations to centralize and consolidate their voice mail infrastructure in much the same way that the capabilities of Exchange Server 2003 allowed them to consolidate their e-mail systems. A single pool of Exchange Servers running the Unified Messaging role can service multiple locations, PBX brands, and languages. This enables administrators to consolidate voice mail infrastructure in one or a few central locations.
Figure 23: VoIP gateway connecting a legacy PBX to an Exchange Unified Messaging server
For sites that have a supported IP-PBX, no additional equipment needs to be deployed in order to connect the PBX to Exchange Server. For sites that have a traditional PBX, only an inexpensive VoIP gateway appliance is needed. In this way, even if a variety of PBX brands are in use across geographically disparate offices where different languages are spoken, an organization's voice mail systems can still be centralized.
Consolidating voice mail systems with Exchange Unified Messaging allows organizations to build upon their existing investments in Active Directory, which eases day-to-day management tasks (such as adding users and maintaining user directories) and allows administrators to enforce a single set of security policies across messaging systems.
Microsoft has partnered with Dialogic (which acquired Intel's Media and Signaling business) and AudioCodes to test interoperability for VoIP gateways with Exchange Unified Messaging. Examples of traditional PBXes supported via these gateways include Nortel Meridian, Avaya DEFINITY, Siemens, Mitel, and NEC PBXes.
Mobile Messaging
Exchange Server 2003 Service Pack 2, released in late 2005, introduced Direct Push enhancements to Exchange ActiveSync, added substantial security enhancements, and provided functionality that once required third-party products and monthly licensing fees. Exchange Server 2007 builds upon the mobility features introduced in Exchange Server 2003 SP2.
Exchange ActiveSync (Direct Push)
Like Exchange Server 2003 with Service Pack 2, Exchange Server 2007 offers a fast and reliable e-mail experience using Exchange ActiveSync (Direct Push) Technology. Mobile devices that incorporate Exchange ActiveSync maintain a connection with the Exchange server, and receive any new or updated e-mail, calendar items, contacts, or tasks as soon as they arrive on the server. This push method optimizes bandwidth usage while keeping information up-to-date.
Other wireless e-mail solutions typically include a third-party product in addition to the core messaging server, which requires additional expense and potentially impacts the scalability of the core messaging environment. Exchange Server 2007 eliminates the need for these third-party products, which greatly reduces costs and enables organizations to expand mobile access to more of their users. Users can get a familiar experience on a range of mobile devices without requiring the organization to deploy third-party software or services.
The Exchange ActiveSync protocol is used by Windows Mobile and also licensed to Nokia, Symbian, Motorola, Sony Ericsson, Palm, DataViz, Helio, Remoba, and Big Bang Systems. Each licensee can choose how and when to implement the device-side components of the new features provided by Exchange Server 2007.
By the end of 2008, half of all employees who access e-mail via PCs will also have access to wireless e-mail.
- Gartner
Nearly 90% of professionals will carry mobile devices capable of receiving email by 2008.
- Radicati Group
Self-Service Device Wipe and Device Password Reset
Exchange Server 2003 Service Pack 2 introduced the ability for e-mail administrators to remotely wipe a device of all data if it is lost or stolen. In Exchange Server 2007, users can initiate a remote wipe from Outlook Web Access, allowing greater device security with less helpdesk cost. A confirmation message is sent to the user when the mobile device acknowledges the remote wipe request.
Users can also recover their mobile device passwords through the Options page in Outlook Web Access. There is no need to completely reset a device or bring the device back to the helpdesk, which are expensive and time-consuming operations for the user and the administrator.
Device Security and Management
Exchange Server 2003 Service Pack 2 gave administrators the ability to enforce security policies on all mobile devices that connect to the mail server. These controls become granular with Exchange Server 2007. Policies can be organized by group and then applied on a per-user basis.
Security policies in Exchange Server 2007 allow administrators to enforce mobile device policies that protect their organization's data. These policies can:
• Require users to enter a PIN to access their devices
• Delete all data from device after a specified number of failed PIN entries
• Require local encryption of data
• Disallow downloading of attachments
• Specify maximum size of downloaded attachments
• Enable/disable password recovery
• Specify timeout period
Additional policies introduced in Service Pack 1 allow the administrator to:
• Allow/block the installation of specific applications
• Disable Bluetooth, WiFi, and infrared
• Prohibit use of camera phones and removable storage
• Disallow use of web browser and consumer mail
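The policy items listed above map onto Exchange ActiveSync mailbox policy settings in the Exchange Management Shell. The following is an added example, not part of the original guide: the policy name, the group name and every value are assumptions chosen for illustration, and parameter availability should be confirmed with Get-Help on the installed build (the second block needs Service Pack 1).

```powershell
# Added example, not from the guide. Run in the Exchange Management Shell.
# Names and values below are hypothetical.
$policyName = 'Field Sales Devices'   # hypothetical policy name
$groupName  = 'Field Sales'           # hypothetical distribution group

# 1. Base policy: the Exchange Server 2007 items from the first list.
New-ActiveSyncMailboxPolicy -Name $policyName `
    -DevicePasswordEnabled $true `
    -MinDevicePasswordLength 6 `
    -MaxDevicePasswordFailedAttempts 8 `
    -MaxInactivityTimeDeviceLock '00:15:00' `
    -DeviceEncryptionEnabled $true `
    -AttachmentsEnabled $true `
    -MaxAttachmentSize '2MB' `
    -PasswordRecoveryEnabled $true `
    -AllowNonProvisionableDevices $false
# MaxDevicePasswordFailedAttempts: the device wipes its data after this many
#   wrong PIN entries.
# MaxInactivityTimeDeviceLock: idle timeout before the PIN is required again.
# AllowNonProvisionableDevices $false: devices that cannot enforce the policy
#   are refused instead of being allowed to sync unprotected.

# 2. Service Pack 1 additions: radios, camera, removable storage, browser
#    and consumer mail from the second list.
Set-ActiveSyncMailboxPolicy -Identity $policyName `
    -AllowBluetooth Disable `
    -AllowWiFi $false `
    -AllowIrDA $false `
    -AllowCamera $false `
    -AllowStorageCard $false `
    -AllowBrowser $false `
    -AllowConsumerEmail $false

# 3. "Organized by group, applied per user": the policy is stamped on each
#    mailbox that is a member of the group.
Get-DistributionGroupMember -Identity $groupName |
    Where-Object { $_.RecipientType -eq 'UserMailbox' } |
    ForEach-Object {
        Set-CASMailbox -Identity $_.Identity -ActiveSyncMailboxPolicy $policyName
    }

# 4. Coverage check: mailboxes that can sync over ActiveSync but have no
#    policy assigned explicitly. Review this list after every rollout.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled -and -not $_.ActiveSyncMailboxPolicy } |
    Select-Object Name, ActiveSyncEnabled, ActiveSyncMailboxPolicy
```

Step 4 is the part worth scheduling: a policy only protects the mailboxes it is assigned to, so the gap list is what shows whether enforcement matches intent.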
Rich reporting capabilities allow administrators to identify which devices have connected with Exchange, view device usage statistics, and monitor errors.
Over-the-Air Search
When a search is executed from a mobile device, not only can the mobile client query the mail items on the local device, but with Exchange Server 2007, it can also search the user's entire mailbox on the server. Search results are delivered to the device where they can be viewed and acted upon just like regular e-mail items. Over-the-air search enables mobile users to access e-mail that is days, weeks, or even months old, despite the limited storage available on today's mobile devices. In this way, users have access to their entire mailboxes at any time.
Support for Flags
One of the most common e-mail related activities for workers on the go is message triage: reading a message header or message contents and deciding what to do with the message. Exchange Server 2007 makes it easy to scan through e-mail using a mobile device and flag items for later action. No longer do users have to do this again with the same messages in Outlook or Outlook Web Access when returning to their offices.
Support for HTML Messages
Exchange Server 2007 supports rich HTML mail for mobile devices. Tables, fonts, formatting, emphasis, and images are rendered on the mobile device. Users can control whether they want HTML or plain text e-mail. Replying to an e-mail message preserves the HTML formatting for all other users in the e-mail thread. Even if the user has a mobile device that does not support HTML mail, Exchange Server will still preserve the HTML formatting so that the user's reply doesn't disrupt the conversation and formatting for others.
Inline Message Fetch
Exchange Server 2007 introduces a new, more effective asynchronous fetch approach for message content. If a user clicks on a long message or attachment, the device can fetch the necessary data without reloading the entire message. The user's place within the message is maintained, so there is no need to start at the beginning of the message after the content is refreshed.
Support for Unified Messaging
The unified inbox provided by Exchange Unified Messaging is available from mobile devices. Missed call notifications, voice mails, and fax messages are synchronized to the user's inbox along with regular e-mails. Voice mails can be played via a mobile device's built-in media player, eliminating the need for the user to dial in to the voice mail system. Employees have seamless access to their business communications, even when they are away from their desks.
Mobile Calendaring Enhancements and Out-Of-Office
Calendaring improvements in Exchange Server 2007 enable a more complete Outlook experience on a mobile device. Users can now handle meeting requests from a mobile device in the same way they handle them in Outlook. Users can forward, reply, or reply all to a meeting request, so they no longer have to return to their desks in order to pass along meeting requests to colleagues. Meeting organizers can view attendee status from the device so they can see who will be attending their next meeting while en route. Users who forget to set an Out of Office message before leaving on vacation or business travel can now do so using a mobile device.
Mobile Document Access
Exchange Server 2007 makes it easier to access documents on the corporate network when using a mobile device. Today, e-mails that contain embedded links to documents on internal file shares or SharePoint sites present a problem for mobile device users, because these documents cannot be fetched without a VPN connection. Through LinkAccess, Exchange Server 2007 fetches the document on behalf of the mobile device user so that no VPN access is required.
Figure 33: Using LinkAccess to view a document stored on a SharePoint site (Windows Mobile 6)
LinkAccess has granular permissions that allow administrators to specify which servers and SharePoint sites are accessible from mobile devices, to disable the feature on a per-user basis, or to deactivate it completely.
Operational Efficiency
IT professionals spend up to 70 percent of their time maintaining existing systems.
- Accenture
Exchange Server 2007 helps IT professionals reduce costs and increase the productivity and operational efficiency of their organizations. A modular, role-based server architecture simplifies deployment and increases scalability, while a new command-line shell aids in automating routine and repetitive tasks. New tools for monitoring and troubleshooting help administrators keep their systems up and running.
Figure 34: Server roles divide Exchange Server's main functions into logical groups
In a standard installation, four of these server roles are installed on the same server. The fifth, Edge Transport, is designed to be installed on a separate server in the perimeter network, one that is not domain-joined. To provide load-balancing and redundancy, server roles can also be spread across multiple servers. Dividing Exchange features among server roles has several advantages:
• More flexible deployment topology: For a small or medium-sized company that has a limited number of mailboxes, an administrator can install all required roles on one physical server. For a large enterprise with tens of thousands of mailboxes, an administrator can deploy each role on a separate server or multiple servers per role to provide better performance and fault tolerance.
• Better hardware utilization and scalability: Each server role only installs the binaries and services necessary to perform a specific feature set. Configuring a server with only one or two roles reduces memory, CPU, and disk space requirements for the server. It also reduces the server's attack surface.
• Easier maintenance: Upgrades, patches, hotfixes, and other server changes that could cause server outage can be isolated to one server role. This reduces maintenance downtime and impact to end users. Administrators can install or uninstall roles on a server at any time.
In addition to these advantages, having preset server configurations also simplifies installation by allowing the mail server to perform role-specific configuration tasks. For example, after installing the Client Access server role in Exchange Server 2007, everything required to make Outlook Web Access work is installed and automatically configured. Previously, the administrator would have needed to perform a number of extra configuration steps, including turning off nonessential services.
Exchange 2007 takes 12 screens to install, compared with 30 screens for Exchange 2003. The new design reduces the screen count by 60%.
- Internal Microsoft study
Exchange Best Practices Analyzer
Embedded in the Exchange Server 2007 setup process and available through the Exchange Management Console toolbox, the Exchange Best Practice Analyzer (ExBPA) proactively examines the Exchange organization for problems and discrepancies that could lead to service outages and reliability problems. The Exchange Best Practice Analyzer delivers warnings and error messages to the administrator along with information on how to address these problems. When pre-requisites change, the Exchange Best Practices Analyzer surfaces the changes and helps the administrator prepare for a smooth installation. The Exchange Best Practice Analyzer has been updated with readiness checks that administrators can run against their current Exchange Server 2003 environments to help prepare them for the migration to Exchange Server 2007.
The Exchange Best Practice Analyzer:
• Has been downloaded over 1 million times since its release Sept. 2004
• Performs more than 2,000 distinct checks with each scan
Over 60 percent of high-priority Exchange Server support calls are caused by configuration problems, not bugs in the product.
- Microsoft Product Support
Outlook Autodiscover
Configuration of Outlook mail profiles is automatic when Outlook 2007 is used with Exchange Server 2007. Users do not need to know the name of their mail server in order to set up an e-mail profile. In fact, users who are connected to the corporate network do not need to enter any information; their domain credentials are used to create a complete mail profile automatically. Users connecting remotely using Outlook Anywhere (formerly known as RPC over HTTP) need only provide their user name, e-mail address, and password; no knowledge of the Exchange server name is required.
Outlook Autodiscover reduces the risk of client misconfiguration and makes it easier to recover from server failures. It also spares users and the IT helpdesk the lost time and expense resulting from support calls related to configuration.
Exchange Management Pack for Operations Manager
Front-line IT staff can monitor all of the Exchange servers in their organization from a single Microsoft Operations Manager 2005 or System Center Operations Manager 2007 console, using management packs designed especially for Exchange Server 2007. Rules in the console align directly with Exchange Server 2007 server roles. In addition, tasks have been added to monitor new features like Unified Messaging, and new reports have been introduced for monitoring Outlook Web Access, ActiveSync and Outlook Client Connectivity.
Exchange Server 2007 continues to use Windows Server Performance Monitor counters and the Event Log provided by the Windows infrastructure. Scripts that were used to monitor MAPI, Outlook Web Access, and ActiveSync connectivity have been replaced with tasks in the Exchange Management Shell. The same set of tasks is used by Operations Manager and the Exchange Best Practices Analyzer. Exchange administrators can use these tasks to monitor system health from the command line.
Single Migration Engine
Exchange Server 2007 provides a single, comprehensive tool for administrators to perform all types of mailbox migrations, minimizing migration complexity. One tool supports both inter-organization and intra-organization mailbox moves, and is exposed through a common interface.
Exchange Server 2007 supports coexistence with Exchange Server 2000 and Exchange Server 2003, enabling organizations to gradually transition between messaging systems. In the Exchange Management Console, mailboxes from earlier versions of Exchange Server appear in the recipient list along with Exchange 2007 mailboxes, and are easily identifiable by special Legacy Mailbox icons.
Figure 40: Exchange Server 2003 and Exchange Server 2007 mailboxes in the Exchange Management Console
Administrator Productivity
Exchange Server 2007 boosts administrator productivity with new tools that improve manageability and help automate routine tasks. Administrators now have both GUI and command-line options for managing the Exchange environment, and a new permissions model helps IT departments more effectively divide the workload of managing the Exchange environment.
Exchange Management Console
Exchange System Manager has been redesigned and given the new name of Exchange Management Console. It now provides simplified navigation and new filtering capabilities in a completely rewritten graphical user interface.
The interface has been divided into three sections:
• The Console tree provides top-level navigation, and has been simplified from 8 levels deep to 3 levels deep.
• The Results pane and Work pane enable quick searching and filtering.
• The Actions pane helps management actions to be discovered without the need for extensive right mouse clicks.
Exchange Management Shell
The Exchange Management Shell is a new command-line interface based on Windows PowerShell that allows administrators to automate routine and repetitive tasks using scripts. Administrators can use it to manage every aspect of the server, from enabling new e-mail accounts to configuring SMTP connectors.
The Exchange Management Shell provides a robust and flexible scripting platform that replaces the complex Visual Basic scripts common in Exchange environments today. Tasks that once took hundreds of lines of code to perform can now be accomplished with as little as one line of human-readable text. Making changes in bulk is vastly easier and improves the accuracy of the changes being made.
Figure 43: Equivalent commands in Visual Basic Script (above) and Exchange Management Shell (below)
The Exchange Management Shell complements the Exchange Management Console, allowing administrators to choose between the GUI and the command line to perform management tasks. Every action that can be performed in the GUI can also be performed within the command shell, because the Exchange Management Console is built on top of the Exchange Management Shell.
All wizards in the Exchange Management Console run one or more cmdlets (brief Exchange Management Shell commands) to achieve their work. The one-line commands are displayed in each wizard's Completion page, and can be copied (Ctrl+C) and pasted into the Exchange Management Shell command line. These one-liners can be used as examples of the required syntax while the administrator is learning Exchange Management Shell scripting.
The Exchange Management Shell uses an object model based on the Microsoft .NET platform, which makes it flexible, powerful, and easy to learn. Third-party software vendors can use the Exchange Management Shell to add capabilities to their products and make them scriptable from within the Exchange environment.
If you want to change quotas for 20 accounts, it would take you over 100 clicks in the Exchange 2003 System Manager. In Exchange Server 2007 this takes a single line in the Shell.
- Microsoft internal usability study
Flexible Permission Model
In Exchange Server 2007, a new security model helps ensure that each administrator has the right level of server access and privileges to do his or her job. Exchange administrator permissions are granular and straightforward to manage in Exchange Server 2007. The new permissions model introduces a set of predefined administrator roles: organization, public folder, recipient, view-only, and server.
Figure 45: Add Exchange Administrator Wizard
• Exchange Organization Administrator: controls all aspects of the Exchange organization
• Exchange Public Folder Administrator: has permissions to manage public folders
• Exchange Recipient Administrator: has permissions to manage mail recipients
• Exchange View-Only Administrator: has permissions to view Exchange configuration data
• Exchange Server Administrator: has permissions to manage a particular server, but not perform actions that have global impact in the Exchange organization
These predefined roles make it easier for IT administrators to implement a split permissions administration model, in which separate people are responsible for managing Exchange Server and Active Directory. For example, granting someone the "Exchange Recipient Administrator" role allows them to manage the Exchange-specific properties on recipients without requiring additional Active Directory permissions.
Exchange Server 2007 helps IT administrators keep up with the increasing demands being placed on their messaging systems. A new 64-bit architecture boosts scalability, enables server consolidation, and reduces storage costs. New tools are provided to help administrators troubleshoot performance problems, and management of routing topology has been simplified.
64-bit Architecture
Demands on messaging systems continue to grow, driven by increased message volume, more mobile devices, and more security policies. By their nature, 32-bit e-mail servers have memory limitations (4 GB) which restrict their ability to cost-effectively support these needs.
32 bit = 2^32 or 4 gigabytes of addressable memory
64 bit = 2^64 or 16 exabytes of addressable memory
Exchange Server 2007 moves the Exchange platform to a 64-bit architecture that improves performance and capacity. The larger memory cache available on 64-bit systems reduces disk drive input/output (I/O) requirements significantly (up to 70 percent reduction in I/O per second). By reducing I/O, Exchange Server 2007 makes better use of existing storage systems, and gives administrators the option of using low-cost storage options such as Direct Attached Storage, even in demanding enterprise environments.
64-bit x86-based systems accounted for 78.8 percent of all x86 servers sold in the first quarter of 2006.
- IDC
Because of the move from a 32-bit architecture to a 64-bit architecture, Exchange Server 2007 now supports a larger number of storage groups and databases (as many as 50 databases and storage groups per server). As a result, administrators gain flexibility in partitioning their users for backup and recovery.
IPv6 support
A default installation of Windows Server 2008 enables support for IPv4 and IPv6. If Exchange 2007 SP1 is deployed in this configuration, all server roles can send data to and receive data from devices, servers, and clients that use IPv6 addresses. Organizations can prepare themselves for next-generation networking and enjoy the benefits of IPv6, which include more robust routing, greater security, and improved performance.
51
Simplified Routing Topology
The complexity of the Exchange routing topology has been reduced in Exchange Server 2007 by using Active Directory sites in place of Exchange routing groups. Active Directory sites and site links are used by Windows domains to indicate how traffic propagates between domain controllers, performing a function similar to routing groups. Servers running Exchange Server 2007 detect this information and use it as a basis for routing messages. This means that no additional routing configuration is required in Exchange Server 2007 environments. Because Exchange routing groups are no longer used, administrators can manage all network traffic, including e-mail, in a holistic manner. This leads to several benefits for e-mail administrators:
- Diagnosing mail flow issues becomes easier, because routes are stable and predictable, rather than dynamic.
- Scalability is improved. Administrators can add mailbox or hub transport servers to the network and simply wait for Active Directory to replicate the changes in order for these servers to be utilized.
- Bandwidth is conserved, because traffic is routed more efficiently.
- Less time is spent on maintaining network topology, because only one configuration view of the underlying network is necessary, rather than two.
Exchange Management Console Toolbox
Exchange Server 2007 provides several troubleshooting and management tools within the Exchange Management Console Toolbox.
- The Best Practices Analyzer determines whether an Exchange Server deployment is in line with Microsoft best practices.
- The Details Template Editor helps administrators customize the client-side GUI that is displayed when a user clicks Outlook Properties for a user, group or other object in Microsoft Outlook.
- The Public Folder Management Console provides a graphical interface for managing public folders.
- The Database Recovery Management tool assists administrators in restoring service availability during disaster recovery scenarios.
- The Database Troubleshooter helps administrators fix database mounting failures, reports corrupted log files, and recommends steps for bringing the database to a clean, mountable state.
- The Mail Flow Troubleshooter diagnoses and helps remediate inbound and outbound e-mail failures.
- The Message Tracking tool allows administrators to follow specific messages as they are routed through the Exchange environment.
- The Queue Viewer allows administrators to monitor mail flow, inspect queues, suspend/resume queues, and remove individual messages.
- The Routing Log Viewer allows administrators to inspect the routing table log files generated by transport servers.
- The Performance Monitor tool monitors performance metrics for core system functions, and creates graphs and logs.
- The Performance Troubleshooter isolates the cause of Outlook or Exchange performance problems and advises how to correct these issues.
Figure 46: Toolbox in Exchange Management Console
Consolidating these tools in the Toolbox work center provides administrators a central location for diagnostic, troubleshooting, and recovery activities. Using Microsoft Update, the tools are kept up-to-date with the latest information and capabilities.
Extensibility
Web Services API
Today, developers must choose from several APIs to develop partner solutions and customized Exchange applications. No single API meets all the needs of developers. The Exchange Web Services API addresses this problem by providing a single, documented, standards-based programming interface that is accessible from a wide variety of platforms and programming languages. The Web Services API unifies the capabilities previously found in WebDAV, CDO, ExOLEDB, and some Outlook Web Access URL commands. It gives developers a simple way to embed Exchange Server 2007 information into line of business or custom applications. Methods are callable from managed code, over the Internet, from devices, and from any platform that supports web services. There is no need to deploy application code or client-side runtime libraries on the Exchange Server itself, which helps increase system reliability. Developers can take advantage of the existing web services support built into development tools like Visual Studio .NET to leverage the Web Services API.
Creating a meeting request and sending invitations using the Exchange Server 2007 Web Services API requires six lines of code, versus 200+ lines of code using DAV.
- Microsoft IT
An example of the power of this new API is the Availability Web Service, which offers a flexible, extensible way to access free/busy information in Exchange Server 2007. Used by clients such as Outlook and Outlook Web Access, the Availability Web Service allows developers to easily embed free/busy information within line of business or custom applications.
Outlook Web Access Web Parts
Developers use Outlook Web Access Web Parts to embed Outlook Web Access functionality into their portal applications. Exchange Server 2007 provides updated Web Parts to give portals the look and feel of the latest version of Outlook Web Access.
Figure 48: Outlook Web Access Web Parts embedded in a sample Web portal
Built-In Protection
80 percent of the businesspeople surveyed say email is more valuable to them than the telephone.
- Meta Group
Exchange Server 2007 includes built-in protection technologies that help keep the messaging system up and running and protected against external threats. A new Edge Transport server role provides e-mail gateway protection technologies in the network perimeter. Exchange Hosted Filtering and Forefront Security for Exchange Server become part of the Exchange Server offering, giving organizations a hosted option for e-mail gateway protection and robust on-premise antivirus protection. High availability, disaster recovery and clustering capabilities are offered out-of-the-box in Exchange Server 2007 to keep e-mail flowing whether the environment consists of a single server or multiple, distributed sites. Advanced compliance features and a flexible policy engine also help organizations cope with new regulatory regimes and a changing legal environment.
The cost of spam in 2005 will come to $17 billion in the United States and $50 billion worldwide.
- Ferris Research
Exchange Server 2007 offers customers a choice in how they implement e-mail gateway security technologies. The Edge Transport server role can be deployed on-premise, or gateway protection can be provided off-site as a managed service by Exchange Hosted Filtering. Both options are provided as part of the Exchange Enterprise Client Access License (CAL).
On-Premise
Deploy the Edge Transport server role in the network perimeter, using Forefront Security for Exchange Server for advanced virus and spam protection.
OR
Hosted
Route mail through the Exchange Hosted Filtering service, for anti-spam and antivirus protection provided as a hosted, managed service.
Regardless of which option (hosted or on-premise) is chosen for e-mail gateway security, antivirus software should be deployed on internal e-mail servers to help guard against internal threats and virus transmissions between internal users. Forefront Security for Exchange Server makes it easy to add this protection to the mailbox and hub transport server roles. Third-party antivirus products also integrate with Exchange, helping customers deploy optimal protection for their e-mail environments.
Edge Transport Server Role (on-premise e-mail gateway)
An estimated 55 billion e-mail spam were sent each day in June 2006, an increase of 20 billion per day from June 2005.
- Jupiter Research
The Edge Transport server role serves as an e-mail gateway deployed in an organization's perimeter network. Designed to minimize attack surface because it is not required to be a domain member, the Edge Transport server handles all Internet-facing mail flow, providing Simple Mail Transfer Protocol (SMTP) relay and smart host services for the Exchange organization.
Robust message protection and security are provided by a series of agents that run on the Edge Transport server and act on messages as they are processed by message transport components. These agents help provide protection against viruses and spam, apply transport rules to control message flow, and help provide connection security. Though it is not domain-joined, the Edge Transport server receives secure updates of selected organization information from Active Directory to reduce the occurrence of false positives as it identifies spam messages.
Capabilities of the Edge Transport server role include:
Connection Filtering
IP-based block and allow lists use a database of sender reputation to reject mail from known spammers. Administrators can implement multiple real-time block list services, including the Microsoft IP Reputation Service.
Sender and Recipient Filtering
The Edge Transport server role performs protocol filtering on both the sending domain and the inbound recipient of each e-mail. Sender reputation is dynamically analyzed and updated over time. If the Edge Transport server role spots trends in spam from a given domain, it will take action to either quarantine or reject incoming messages. Recipients are validated using the addresses in the Global Address List, and administrators may specify recipients (including distribution lists) that are not eligible to receive e-mail from external sources, thus blocking inbound mail to these destination mailboxes.
Figure 49: Edge Server Anti-spam options in the Exchange Management Console
Internet users in the United States spend an average of three minutes deleting spam each day they use e-mail.
- 2004 National Technology Readiness Survey
EdgeSync
EdgeSync in Exchange Server 2007 publishes selected information from Active Directory to the Edge Transport server, in an encrypted format, for use in recipient filtering and Outlook safe sender list aggregation. For example, when an Outlook user chooses to flag a specific sender as safe, this information is distributed to the Edge Transport server. Although the Edge Transport server receives secure updates through Active Directory Application Mode (ADAM), the server is not a member of Active Directory, which helps provide additional security to the internal network.
Sender ID
The Edge Transport server role implements Sender ID, an industry initiative designed to verify that each e-mail message originates from the Internet domain from which it claims to come. Sender ID helps prevent domain spoofing, helps legitimate senders protect their domain names and reputations, and helps organizations more effectively identify and block phishing scams and junk e-mail. During installation, the Exchange Best Practices Analyzer checks if an organization's own Sender ID DNS record is correct and offers assistance if action is needed.
Content Filtering
E-mail content passing through the Edge Server is analyzed using the Intelligent Message Filter (IMF), an implementation of Microsoft SmartScreen content filtering. SmartScreen is based on Microsoft Research's patented machine-learning technology, which learns from known spam and phishing threats as well as from hundreds of thousands of Hotmail service customers who voluntarily classify their mail as part of its Feedback Loop program. Anti-phishing capabilities are included in the Intelligent Message Filter to help detect fraudulent links or spoofed domains in order to protect users from online scams. The Edge Transport server role enables the administrator to customize content filters, including the ability to add custom words or phrases.
Spam Confidence Level
The Intelligent Message Filter consolidates guidance from Connection, Sender/Recipient, and Content filtering to apply a Spam Confidence Level (SCL) rating to a given message. Administrators can pre-configure actions on the message based on this SCL rating. Actions may include delivery to the user's inbox, delivery to the user's junk mail folder, delivery to the administrator-managed Spam Quarantine folder, or outright rejection.
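For the Sender ID check described above, this added Python example (not code from the guide or from Exchange) evaluates a connecting IP address against a published Sender ID or SPF TXT record and lints the record for common publishing mistakes. The record strings and addresses are constructed samples, and mechanisms that require DNS lookups are reported as "NeedsDNS" instead of being resolved, which is a simplification made so the example runs offline.

```python
"""Offline evaluation of a Sender ID / SPF TXT record (added example)."""
import ipaddress

RESULTS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}
DNS_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}

# Constructed sample records (documentation address ranges).
RECORD_STRICT = "v=spf1 ip4:192.0.2.0/24 -all"
RECORD_PRA_ONLY = "spf2.0/pra ip4:198.51.100.0/24 ~all"
RECORD_OPEN = "v=spf1 ip4:192.0.2.0/24 +all"


def parse_record(txt):
    """Return (scopes, terms) for a v=spf1 or spf2.0 record, else None."""
    parts = txt.split()
    if not parts:
        return None
    version = parts[0].lower()
    if version == "v=spf1":
        # Sender ID treats a v=spf1 record as covering both scopes.
        scopes = {"mfrom", "pra"}
    elif version.startswith("spf2.0/"):
        scopes = set(version[len("spf2.0/"):].split(","))
        if not scopes <= {"mfrom", "pra"}:
            return None
    else:
        return None
    return scopes, parts[1:]


def split_term(term):
    """Split one mechanism into (qualifier, name, argument)."""
    qualifier = "+"  # a mechanism without a qualifier means Pass
    if term[0] in RESULTS:
        qualifier, term = term[0], term[1:]
    name, _, arg = term.partition(":")
    return qualifier, name.split("/")[0].lower(), arg


def check_host(txt, client_ip, scope="pra"):
    """Evaluate client_ip against the record, left to right, first match wins."""
    parsed = parse_record(txt)
    if parsed is None or scope not in parsed[0]:
        return "None"
    ip = ipaddress.ip_address(client_ip)
    for term in parsed[1]:
        if "=" in term:  # modifiers (redirect=, exp=) are not evaluated here
            continue
        qualifier, name, arg = split_term(term)
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "PermError"
            if net.version != int(name[2]):
                return "PermError"
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        elif name in DNS_MECHANISMS:
            return "NeedsDNS"  # assumption: no resolver in this offline example
        else:
            return "PermError"
    return "Neutral"


def lint_record(txt):
    """List publishing mistakes a domain owner would want to fix."""
    parsed = parse_record(txt)
    if parsed is None:
        return ["not a v=spf1 or spf2.0 record"]
    mechanisms = [split_term(t) for t in parsed[1] if "=" not in t]
    has_redirect = any(t.lower().startswith("redirect=") for t in parsed[1])
    names = [name for _, name, _ in mechanisms]
    problems = []
    if "all" not in names:
        if not has_redirect:
            problems.append("no 'all' mechanism: unlisted hosts evaluate to Neutral")
    else:
        pos = names.index("all")
        if mechanisms[pos][0] == "+":
            problems.append("'+all' authorizes every host on the Internet")
        if pos != len(names) - 1:
            problems.append("mechanisms after 'all' are never evaluated")
    return problems


if __name__ == "__main__":
    for record in (RECORD_STRICT, RECORD_PRA_ONLY, RECORD_OPEN):
        print(record, "->", check_host(record, "203.0.113.9"), lint_record(record))
```
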
Anti-Spam Stamp
Messages filtered by the Exchange Edge Transport server are stamped with information including why the message was considered spam, and which filter or filters (connection, protocol, or content) contributed to its spam assessment. Administrators can use this information to understand the effectiveness of filtering across their multi-layered approach and tune their defenses appropriately.
The cost of incorrectly blocked e-mail is expected to be $107 million in 2006.
- Jupiter Research
Figure 51: Anti-spam stamp in message header (visible in Outlook message options window)
Two-Tiered Spam Quarantine
Using Outlook, administrators can access the Spam Quarantine folder to release good messages to recipients and delete offending messages. Messages with borderline Spam Confidence Level ratings (defined by the administrator) automatically flow to the user's junk mail folder in Outlook, where they are converted to plain text for the user's protection.
Service Resilience
The Edge Transport Server employs SMTP back pressure to control the inbound message receipt rate and ensure high availability. Back pressure, coupled with the ability to detect open proxy machines, can help prevent denial of service attacks. Tarpitting is also used to slow the server response for certain SMTP communication patterns (such as error conditions), thus minimizing exposure to directory harvest attacks.
Comparison of Anti-spam Features in Exchange Server 2003 and 2007
Anti-spam Feature                       Exchange 2003   Exchange 2007
IP Allow and Deny Lists                                 Yes
IP DNS Block Lists                                      Yes
Recipient Filtering                                     Yes
Sender Filtering                                        Yes
Content Filtering (IMF)                                 Yes
Content Filter Updates (IMF)                            Daily**
Sender ID                                               Yes
IP Safe Lists (aka Bonded Sender)                       Yes
Outlook Postmark Validation                             Yes
Protocol Analysis Data Gathering                        Yes
Protocol Analysis Sender Reputation                     Yes
Open Proxy Validation                                   Yes
Dynamic Spam Data Update Service                        Yes*
Per User/OU Spam Settings                               Yes
Admin Quarantine                                        Yes
Automatic DNS block lists                               Yes*
* Feature is available as part of the Enterprise CAL, or with a separate Forefront Security for Exchange license
** Daily automatic updates are provided with the Enterprise CAL (or a separately purchased Forefront Security with Exchange license), otherwise manual updates are available every two weeks
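The Service Resilience paragraph above notes that tarpitting limits exposure to directory harvest attacks. As an added example (not part of the guide and not Exchange code), this Python detector flags sources whose recipient attempts show that pattern: a burst of rejected, distinct unknown recipients. The log layout, thresholds, addresses and sample lines are all constructed assumptions.

```python
"""Flag likely directory harvest sources in SMTP receive logs (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a simplified layout assumed for this example:
# ISO timestamp, remote IP, RCPT TO address, SMTP reply code.
SAMPLE_LOG = """\
2007-03-01T10:00:00,192.0.2.10,alice@example.com,250
2007-03-01T10:00:05,192.0.2.10,bob@example.com,250
2007-03-01T10:00:09,192.0.2.10,bbo@example.com,550
2007-03-01T10:01:00,198.51.100.7,aaron@example.com,550
2007-03-01T10:01:01,198.51.100.7,abby@example.com,550
2007-03-01T10:01:02,198.51.100.7,adam@example.com,550
2007-03-01T10:01:03,198.51.100.7,alice@example.com,250
2007-03-01T10:01:04,198.51.100.7,allen@example.com,550
2007-03-01T10:01:05,198.51.100.7,amy@example.com,550
2007-03-01T10:01:06,198.51.100.7,andy@example.com,550
this line is malformed and is skipped
2007-03-01T10:02:00,203.0.113.5,old.user@example.com,550
2007-03-01T10:02:05,203.0.113.5,old.user@example.com,550
2007-03-01T10:02:10,203.0.113.5,old.user@example.com,550
2007-03-01T10:02:15,203.0.113.5,old.user@example.com,550
2007-03-01T10:02:20,203.0.113.5,old.user@example.com,550
2007-03-01T10:02:25,203.0.113.5,old.user@example.com,550
"""


def parse_log(text):
    """Yield (time, ip, recipient, code); malformed lines are skipped."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2].lower(), int(parts[3])


def find_harvesters(records, window=timedelta(seconds=60),
                    min_unknown=5, min_ratio=0.8):
    """Return {ip: stats} for sources probing many distinct unknown recipients.

    A source is flagged when, inside one sliding window, it was refused
    (550) for at least min_unknown different addresses and at least
    min_ratio of all its recipient attempts were refused.
    """
    recent = defaultdict(deque)           # ip -> (time, rcpt) of recent 550s
    totals = defaultdict(lambda: [0, 0])  # ip -> [attempts, rejected]
    peak = defaultdict(int)               # ip -> most distinct rejects in a window
    for when, ip, rcpt, code in sorted(records):
        totals[ip][0] += 1
        if code != 550:
            continue
        totals[ip][1] += 1
        queue = recent[ip]
        queue.append((when, rcpt))
        while when - queue[0][0] > window:
            queue.popleft()
        # Counting distinct addresses keeps a sender that retries one stale
        # address from looking like an enumeration run.
        peak[ip] = max(peak[ip], len({r for _, r in queue}))
    flagged = {}
    for ip, (attempts, rejected) in totals.items():
        ratio = rejected / attempts
        if peak[ip] >= min_unknown and ratio >= min_ratio:
            flagged[ip] = {"attempts": attempts, "rejected": rejected,
                           "peak_unknown": peak[ip],
                           "reject_ratio": round(ratio, 2)}
    return flagged


if __name__ == "__main__":
    for ip, stats in find_harvesters(parse_log(SAMPLE_LOG)).items():
        print(ip, stats)
```
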
Exchange Hosted Filtering (hosted e-mail gateway)
Organizations that desire hosted protection against spam and viruses can use Exchange Hosted Services for e-mail gateway protection rather than the Edge Transport server role. Exchange Hosted Filtering is one of four distinct services in the Microsoft Exchange Hosted Services portfolio, and like Forefront Security for Exchange Server, it is included with Exchange Server 2007's Enterprise Client Access License (CAL). Operating over the Internet as a hosted service, Exchange Hosted Filtering employs multi-layered defenses to help block spam and viruses before they reach the organization's e-mail servers. Activated with a simple MX record configuration change, Exchange Hosted Filtering can be up and running quickly to provide hosted e-mail security. The backbone of Exchange Hosted Filtering is a distributed network of data centers located at key sites across the Internet. Each data center contains fault-tolerant servers that are load-balanced from site to site and from server to server.
The service runs multiple antivirus engines that are integrated at the application programming interface level to continually provide critical virus definition updates. Current engine partners include Symantec, Sophos, Kaspersky Lab, and Trend Micro. An around-the-clock team of anti-spam experts continually monitors network traffic and implements new spam policies as they are needed. Captured spam is routed to the spam quarantine folder where administrators or end users can access it and decide what action to take. Because Exchange Hosted Filtering is a service, organizations get the added benefit of temporary e-mail recovery. Inbound e-mail is queued in a security-enhanced environment for up to five days. If an organization's internal mail servers experience extended downtime, this e-mail can be re-routed from Exchange Hosted Services to another server or made available through a Web-based interface. More information on Exchange Hosted Services is available at: http://www.microsoft.com/exchange/services/default.mspx
Microsoft Forefront Security for Exchange Server
Microsoft Forefront Security for Exchange Server, an update to the product formerly known as Antigen, provides anti-virus protection for Exchange Server roles in the internal network. For organizations that deploy the Edge Transport server role, Forefront Security for Exchange Server also provides anti-virus protection at the network edge and enhances the built-in anti-spam capabilities of the Edge Transport server role. Forefront is provided as part of the Exchange Enterprise Client Access License (CAL), or can be purchased separately.
Figure 54: Forefront Security protects Exchange Server's Edge Transport, Hub Transport, and Mailbox server roles
Advanced Antivirus Protection
Forefront Security for Exchange Server helps provide server-level antivirus protection with a unique multiple-scan engine management approach and advanced content-filtering capabilities. It combines scan engines from industry-leading antivirus labs around the world. Multiple engines help protect customers with updated virus signatures, helping reduce the window of exposure to any given threat. In Forefront Security for Exchange Server, customers can select up to five antivirus engines to activate. This includes the Microsoft antivirus engine and up to four additional engines from the list of current providers. Current engine partners include CA, Norman Data Defense Systems, Sophos, AhnLab, VirusBuster, Authentium, and Kaspersky Lab, though the list of specific engine providers is subject to change based on customer needs.
Forefront Security for Exchange Server integrates with Microsoft Operations Manager 2005 and System Center Operations Manager 2007 for availability monitoring.
Advanced Anti-Spam Protection
Forefront Security for Exchange Server enhances the built-in anti-spam capabilities of the Edge Transport server role by providing automatic content filter updates, specialized spam signature data, and access to the Microsoft IP Reputation Service.
                        Manual      Automatic
Frequency of updates    Bi-weekly   Daily
                        No          Yes
                        No          Yes
Automatic updates
By default, anti-spam updates on the Edge Transport role are performed manually: the administrator must visit Microsoft Update every two weeks to download and install content filter updates. With Forefront Security for Exchange Server, the Automatic Update service keeps the Edge Server up-to-date without administrator intervention.
Spam signature data
With Forefront Security for Exchange Server, the Edge Transport server role receives daily updates of spam signature data. These spam signatures are lightweight, time-sensitive representations of the latest spam campaigns in a hashed format. They are downloaded by the Edge Transport server role and used in content filtering to assign a higher Spam Confidence Level to known spam.
IP Reputation Services
The Microsoft IP Reputation Service is a real-time IP block list used by the Edge Transport server role to block connections from known spammers. This list is offered exclusively for Exchange Server 2007 users via Forefront Security for Exchange Server.
Antivirus Extensibility
Architecture changes in Exchange Server 2007 also enable antivirus solutions from third-party vendors to be integrated much more deeply into the Exchange infrastructure.
Deep Integration for Antivirus Scanning
During 2004, 78% of organizations were hit by viruses.
- CSI and FBI Computer Crime and Security Survey
Exchange Server 2007 provides more effective, efficient, and programmable virus scanning at the transport level. Besides continued support of the Virus Scanning API (VSAPI) at the mailbox database level, Exchange Server 2007 adds support for transport agents on the Hub Transport and Edge Transport server roles. Third-party developers can write customized agents that take advantage of the underlying Exchange MIME and TNEF parsing engine for robust transport-level antivirus scanning.
Antivirus Stamp
Exchange Server 2007 provides antivirus stamping, which helps reduce the volume of antivirus scanning across an organization by stamping messages that have been scanned for viruses with the version of the antivirus software that performed the scan and the scan results. This antivirus stamp travels with the message as it is routed through the organization and is used to determine whether additional antivirus scanning must be performed. This stamp provides information on which engine did the scanning, which signature was used, and when the message was last scanned. Such information enables selective scanning of stored mail during a virus outbreak, and drives optimal scanning across the messaging network.
Attachment Stripping
By running attachment filtering on the Edge Transport and Hub Transport servers, administrators can increase protection against undesired files and file types entering (or leaving) the organization via e-mail. Administrators can strip attachments based on their size or file type. Additionally, administrators may choose to strip sensitive attachments from outgoing mail, for example, to help protect a company's intellectual property from leaving the company's control.
Business Continuity
Because e-mail is a mission critical application in many organizations, Exchange Server 2007 provides a reliable foundation for enterprise-class availability, with out-of-the-box high availability, disaster recovery and clustering capabilities.
Exchange Continuous Replication
Exchange Server 2007 provides out-of-the-box high availability, clustering, and disaster recovery capabilities. A new feature called Continuous Replication makes it easy to add database redundancy to an Exchange environment so that recoveries can be made in minutes, even between geographically separated sites. Continuous Replication uses log shipping to replicate changes from an active Exchange database to a passive copy. This database copy can be placed on a local disk drive, on a separate server, or in a remote datacenter. With Continuous Replication, the time required to recover from storage, server, and site-level failures is dramatically reduced because a database copy is available for immediate activation. Three types of Continuous Replication provide organizations with the right level of redundancy for their business needs:
74 percent of businesspeople say being without email would present more of a hardship than being without phone service.
- Meta Group
Figure 55: Continuous Replication comes in three varieties: Local, Cluster, and Standby
Local Continuous Replication (LCR)
For budget-conscious customers, Exchange Server 2007 offers a locally replicated database copy that can be brought online manually in the event of a disk drive failure. The LCR database copy is placed on the same server as the active database, but on a separate disk drive. If the active database experiences storage failure or data corruption, the administrator can switch to the copy in minutes instead of spending hours restoring a backup.
Cluster Continuous Replication (CCR)
For customers with strict 24x7 availability needs, Exchange Server 2007 offers replication in a cluster with symmetric failover and failback. Unlike previous clustering options, storage does not need to be shared between the servers that make up the cluster. Because the storage is not shared, the customer is better protected from a failure in the storage system, and it is easier to implement geographically dispersed clusters. Failing over to the passive server node provides minimal disruption to the end user and requires no administrator intervention. Unlike previous clustering solutions for Exchange, CCR does not require expensive SAN storage; administrators can choose Direct Attached Storage (DAS) and iSCSI instead.
Standby Continuous Replication (SCR)
For customers who need a recovery option when an entire datacenter fails, Exchange Server 2007 offers Standby Continuous Replication. This feature, added in Exchange Server 2007 Service Pack 1, enables mailbox data to be replicated to a standby server. The standby server can be placed in an off-site location, providing a disaster recovery solution that is resilient to the failure of an entire datacenter.
The benefits of Continuous Replication are not limited to increased uptime. With LCR and CCR, backups can be made from the passive copy of the replicated data, reducing the load on production storage groups. Having a replicated copy of mailbox data means that organizations can rely less on tape backups for recovery. Continuous Replication will allow many organizations to move from a nightly full archive backup (often done to tape) to a weekly archive backup, reducing media and personnel costs.
Automatic Server Updates
Exchange Server 2007 automates patching and updating of servers using either Microsoft Update via the Web, Windows Update Server, or Microsoft Systems Management Server. Anti-spam updates are received automatically as part of Forefront Security for Exchange Server, and require no administrator intervention. Patches and updates are applied in a role-specific fashion, meaning only those servers with relevant roles will be affected. This decreases maintenance requirements and improves stability.
Confidential Messaging
Exchange Server 2007 uses encryption technology to help keep messages confidential within organizations and over the Internet. New features in Exchange Server 2007 help ensure:
- E-mail is read only by the intended recipients
- E-mail is protected from unauthorized alteration
- E-mail is protected from unauthorized disclosure
Intra-organization Encryption
All mail traveling within an Exchange Server 2007 organization is authenticated using Kerberos and encrypted by default. This helps prevent spoofing and ensures the confidentiality of messages in transit. E-mail inside the organization is automatically encrypted all the way from the sender's e-mail client to the recipient's e-mail client, using encrypted RPC and TLS. Outlook Web Access user sessions are secured via SSL encryption and the connections between mobile devices and the Exchange server are also secured via SSL.
Automatic TLS encryption
Most e-mail traveling over the Internet today remains unencrypted. Many mail servers on the Internet support TLS (Transport Layer Security) encryption via the STARTTLS standard SMTP command, but complex configuration is often required in order to take advantage of this encryption. On outbound connections, Exchange Server 2007 servers automatically use TLS encryption to connect with other servers that support TLS. For inbound connections, Exchange Server 2007 Edge Transport servers are automatically provisioned with a TLS certificate, enabling other hosts to encrypt messages. Additionally, on inbound and outbound connections, Exchange Server 2007 can be configured to require TLS for connections to and from specific partner hosts.
Message Classification
Today, using message classifications for e-mail requires users to manually select policies in Outlook. Exchange Server 2007 gives administrators the ability to apply message classifications to messages in transit. Transport rules on the Hub Transport server role can be configured to apply message classifications based on subject, content, or sender/recipient.
Rights Management Services (RMS) Pre-licensing
Exchange Server 2007 Service Pack 1 pre-licenses messages that are protected with Microsoft Windows Rights Management Services (RMS). This means that users who open RMS-protected messages do not experience a delay as they wait for the license to be retrieved. It also enables users to download protected messages and attachments in Outlook and later access those items while working offline. The advantages of the RMS pre-licensing agent extend to Windows Mobile 6 devices as well, making it easier than ever to access protected messages while on the go.
Compliance
24% of organizations have had employee e-mail subpoenaed by courts and regulators.
- AMA & The ePolicy Institute
Exchange Server 2007 provides a new policy engine and rules wizard so IT administrators can filter, examine, change, journal, and archive any message in their organization's system, including e-mail, voice mail, and faxes. If the need arises, special tools and powerful cross-mailbox search speed the auditing process.
Transport Rules
Exchange Server 2007 allows organizations to enforce enterprise, governmental, and legal requirements through a sophisticated email flow control and policy engine. Administrators or compliance officers can establish and enforce regulatory or corporate policies on internal or outbound e-mail, voice mail, or fax messages. Using a simple Outlook-like rules wizard interface, an administrator can create a variety of rules. For example, an administrator can use transport rules to create an ethical wall that prohibits communication between members of selected distribution lists. An administrator can also append a disclaimer to any message being sent externally, or BCC the compliance officer when a specific phrase appears in the subject or content of a message.
Messaging Records Management
Exchange Server 2007 enables administrators to create mail storage rules for enforcing archiving and deletion policies. This helps organizations reduce the legal risks associated with e-mail storage, making it easier to keep what is needed to comply with company policy, government regulations, or legal needs, while removing content that has no legal or business value.
Over 75% of all documents created in the enterprise circulate in e-mail.
- Gartner
In Exchange Server 2007, Managed Folders provide a mechanism to automatically retain, expire, or journal communications based on corporate policy requirements. Administrators set up Managed Folders with custom policies that govern how long each item is retained. These folders can be automatically pushed out to users' mailboxes, or users can opt in by selecting the folders from a Web page.
Policies for each folder are visible in Outlook and Outlook Web Access
Users can define their own custom sub-folders
Figure 59: Key features of Managed Folders
Users classify messages by placing them into a Managed Folder. The messages inherit retention, archiving, and expiration policies defined by a system administrator. When the item expires, it can be deleted permanently, deleted with an option to recover in Outlook, moved to a review folder, archived to a SharePoint site, sent to Exchange Hosted Archive, or sent to a third-party archiving product. Data that is sent to an external repository can be stamped with metadata to preserve its classification information.
Flexible Journaling
Exchange Server 2007 lets administrators record all e-mail messages that enter and leave the organization. This process, called journaling, is required by many organizations because of legal and regulatory requirements. Journaled messages can be archived to any SMTP address, including an Exchange mailbox, Exchange Hosted Archive, or a third-party archiving solution.
Figure 61: New Journal Rule wizard
15% of companies have gone to court to battle lawsuits triggered by employee e-mail.
- AMA & The ePolicy Institute
Journaling flexibility has increased with Exchange Server 2007. In Exchange Server 2003, journaling could only be enabled per mailbox store. In Exchange Server 2007, journaling can be set up on a per-database, per-distribution list, per-user, or org-wide basis. All messages can be journaled, or just those sent internally or externally. Transport rules may also dictate when to journal based on message sender, recipient, or content.
A journal report is the message that the Exchange Server generates when a message is submitted to the journal mailbox. Journal reports now include additional information such as BCC recipients. The original e-mail message that matches the journal rule is included unaltered as an attachment to the journal report.
Multi-Mailbox Message Search
Exchange Server 2007 allows for easier and faster message auditing using powerful new tools and cross-mailbox search. Fast, multi-mailbox search is available for discovery, helping organizations save on litigation support costs. When the need to discover information arises, administrators can perform a fast, full text search across all mailboxes in their organization with minimal impact on mail flow or client access. The search results can be exported to a .pst file for easy offline access and sharing.
Figure 64: Comparison of Server Editions in Exchange Server 2003 and Exchange Server 2007
The 75 GB storage limit on the Standard Server (present in Exchange Server 2003 with SP2) has been lifted, so there is no software storage limit for either server edition. The price for Exchange Server Standard Edition and Exchange Server Enterprise Edition remains unchanged from Exchange Server 2003.
Client Access Licenses
Exchange Server 2007 introduces a new Enterprise Client Access License (CAL), in addition to the Standard CAL that was present in Exchange Server 2003. The price of the Exchange Standard CAL remains unchanged in Exchange Server 2007. The Exchange Enterprise CAL, purchased as an add-on to the Exchange Standard CAL, gives an organization's users unified messaging, multi-tiered anti-spam/antivirus protection, advanced compliance, and additional ActiveSync policies.
Enterprise CAL includes:
- Unified Messaging
- Advanced Compliance
  - Per-user journaling
  - Custom Managed Folders
- Anti-spam/Antivirus Services
  - Exchange Hosted Filtering
  - Forefront Security for Exchange Server 2007
- Additional ActiveSync policies
Choosing a licensing option
Server editions and CALs can be mixed and matched so customers can purchase the solution that best meets their business needs. Organizations should choose their server editions based on scalability requirements and their client access licenses based on functionality requirements. The following examples illustrate how organizations might select the appropriate licensing option.
Customer Example
- A large financial services organization that wants hosted anti-spam and antivirus
- A small law firm that wants advanced compliance and Unified Messaging
- A large manufacturing company that wants rich email, calendaring, and mobility
Localization
To meet the needs of organizations across the globe, Exchange Server 2007 has been localized into more languages than ever. Outlook Web Access is available in 45 languages, compared with the 25 languages supplied in Exchange Server 2003 Service Pack 2. The Exchange Management Console and the Exchange Management Shell are available in 11 languages. Two of these languages, Russian and Brazilian Portuguese, are newly added since Exchange Server 2003. Approximately 450,000 words are localized per language to give administrators and users access to features in their own languages.
- Exchange Localization Team
Figure 67: Outlook Web Access menus in Chinese, Brazilian Portuguese, Arabic, Greek, Vietnamese, and Hindi
Outlook Voice Access provides access to e-mail, calendar, contacts, and voice mail from any standard telephone in 16 languages and dialects using a localized telephone keypad and text-to-speech experience. Speech recognition capabilities are also available in English.
Outlook Voice Access languages/dialects
- Chinese - People's Republic of China
- Chinese - Taiwan
- Dutch
- English - Australia
- English - UK
- English - US
- French - Canada
- French - France
- German
- Italian
- Japanese
- Korean
- Portuguese - Brazilian
- Spanish - Mexico
- Spanish - Spain
- Swedish
Exchange Server's anti-spam technology is trained to detect and take action on non-English spam as well as English spam. SmartScreen content filtering uses input from hundreds of thousands of Hotmail service users who voluntarily report messages as spam. There are active members in the feedback loop representing countries across the globe, and more than half of these people use a non-English user interface. They see and report spam in their own languages, which the Intelligent Messaging Filter uses to help block malware in many languages.
Conclusion
For organizations today, e-mail is a mission-critical communications tool. Each year the volume of messages increases, the number of mobile workers expands, and the speed at which business is conducted grows ever faster. Organizations have to contend with wide-ranging e-mail security threats: continually evolving spam and viruses, increased vulnerability of e-mail to interception and tampering, the potential for natural and manmade disasters, and risks associated with noncompliance with changing laws and regulations. In this environment, the expectations for what an e-mail system should deliver have evolved. Employees need rich, efficient access to e-mail, calendar, contacts, and voice mail no matter where they are. IT professionals need a system that is highly reliable, cost effective, and easy to manage. Organizations need a messaging system that can support the needs of their end users without compromising security. Microsoft Exchange Server 2007 has been designed to meet these challenges. It provides advanced e-mail and calendaring while delivering new methods of access for employees, greater productivity for IT administrators, and increased security and compliance capabilities for organizations.
Anywhere Access: Employees can be productive from mobile devices, remote computers, and their desktops, enjoying integrated access to more types of communications, including e-mail, voice mail, fax, calendar, and contacts.
Operational Efficiency: IT departments can deliver messaging services with reduced cost and complexity by using new tools that make administrators more productive and new capabilities that optimize hardware and network resources.
Built-In Protection: Organizations can rely on their messaging platforms to be up and running, better protected from spam and viruses, and more supportive of their efforts to remain compliant with regulations and laws.
Exchange Server 2007 provides the anywhere access that end users want, the operational efficiency that IT administrators need, and the messaging protection that organizations demand.
Getting Started
This section describes how to install and configure Exchange Server 2007. Exchange Server 2007 includes substantial investments that improve the installation experience for IT administrators:
- The new setup process reduces complexity by incorporating the modular, server role architecture of Exchange Server 2007
- Microsoft Windows Installer technology provides distinct installation packages and smart default settings
- Exchange Best Practices Analyzer (ExBPA) is integrated in the setup process to perform prerequisite checking and identify potential deployment errors
- To ease deployments in large environments, Exchange Management Shell scripts can be used to automate server installation and provisioning
TIP: If you do not want to install Exchange as part of your evaluation, you can download a pre-configured virtual hard disk (VHD) image with Exchange Server 2007 SP1 pre-installed, from Microsoft's VHD Test Drive program. Visit this URL for details: http://technet.microsoft.com/en-us/bb738372.aspx
If you download the VHD image, skip the following instructions, and proceed to the Guided Tour section.
System Requirements
Before you begin, verify that your server meets the requirements detailed in Exchange 2007 System Requirements, available at this URL: http://technet.microsoft.com/en-us/library/aa996719.aspx
Two packages are available for download: a 32-bit version and a 64-bit version. Be sure to download the version that matches your operating system (i.e., download the 64-bit version if your server is running Windows Server 2003 x64).
Note: The 32-bit version of Exchange Server 2007 is provided for training and trial purposes. Do not use the 32-bit version to run server roles in a production environment.
After 120 days, the evaluation version will expire. You can upgrade your evaluation software to the full product at any time by entering a valid product key.
Be joined to a domain and have rights to the domain controller
If you need to promote your target machine to be a domain controller, please refer to page 108 for step-by-step instructions on how to do so.
Additionally, you must ensure that your network and directory servers meet the following requirements:
Active Directory domain functional level must be Windows 2000 native or higher for all domains in the Active Directory forest.
To verify the domain functional level on the domain controller:
1. Click Start > Administrative Tools > Active Directory Domains and Trusts.
2. Right-click the domain and click Properties.
3. If the Domain functional level is not Windows 2000 native or Windows 2003, right-click the domain and select Raise Domain Functional Level.
Domain Name System (DNS) must be configured correctly in your Active Directory forest.
2. In the Plan list, click Read about Microsoft Exchange Server 2007 Deployment. This will launch a web browser window so you can read about deployment concepts that are new in Exchange Server 2007. After reviewing these concepts, proceed to the next step.
Install Prerequisites
Steps 1-3 on the Start screen help you install software prerequisites. If these prerequisites are already installed, the links will be disabled. Otherwise, you can click each link to download and install the software.
1. Click Step 1: Install .NET Framework 2.0. Download and install the Microsoft .NET framework.
2. Click Step 2: Install Microsoft Management Console (MMC). Download and install MMC 3.0.
3. Click Step 3: Install Windows PowerShell. Download and install Windows PowerShell.
3. On the End-User License Agreement screen, select the I accept the terms in the license agreement option, and then click Next.
4. On the Customer Feedback invitation screen, select Yes, and then click Next.
Verify that the Typical Exchange Server Installation option is selected and click Next. This will install the Mailbox Role, Client Access Role, and Hub Transport Role.
Introducing Server Roles
Exchange Server 2007 introduces a new concept called server roles. Server roles allow administrators to deploy only the features and services necessary on a given server. This minimizes manual activities for the administrator, reduces the time required for installation, and limits the attack surface for increased security. The five server roles are:
- Mailbox - Hosts mailboxes, public folders, and core services including calendaring
- Client Access - Provides Outlook Web Access, Web services, and mobile device access
- Hub Transport - Provides internal routing and a policy engine for enforcing compliance rules
- Unified Messaging - Integrates with PBX systems for voice mail, fax receiving, and voice access services
- Edge Transport - Acts as an SMTP gateway, providing AV, anti-spam and messaging security services. This is an optional server role. If implemented, it should be deployed in the perimeter network (DMZ).
Only the Hub Transport and Mailbox server roles are required for Exchange Server 2007 installation. All server roles, with the exception of Edge Transport, can be deployed on a single server. Or, they can be installed separately. Large and/or complex organizations will typically choose to spread roles across multiple server machines for load balancing and redundancy. Mid-sized organizations will often place multiple roles on a single machine. Small organizations will typically place all roles on one machine, or purchase Exchange Server 2007 as part of the next release of the Small Business Server. Detailed explanations of these server roles are provided on page 41.
6. On the Exchange Organization screen, type a name for the Exchange Organization. Click Next.
7. On the Client Settings screen, leave the No radio button selected and click Next.
9. When the readiness checks are complete, click Install. Progress bars will track the status of installation tasks.
10. When all installation tasks are complete, click Finish to close the Exchange Server Installation Wizard screen.
Finalize Deployment
After installation is completed, the Exchange Management Console is launched. A Finalize Deployment tab is displayed in the console to assist administrators in finalizing the Exchange deployment. Organized by server roles, the actions give administrators details on how to configure Exchange and enable features appropriate for their environment.
5. Verify that the correct Active Directory Server is listed, and then click Connect to the Active Directory Server.
6. Type Post-Install Health Check as the identifying label. Click Start Scanning.
7. After scanning is complete, click View a report of this Best Practices scan.
8. View the Critical Issues List report. If no critical issues are shown, click the All Issues tab.
Figure 85: Best Practices Analyzer View Best Practices Report screen
9. Click each issue to reveal issue details and suggestions for resolving the problem.
10. Close the Best Practices Analyzer Tool.
Guided Tour
The following step-by-step tour is a fast way to become familiar with the features available in Exchange Server 2007. This tour assumes that you have installed Exchange Server 2007 or downloaded a pre-configured Virtual Hard Drive (VHD) image as described in the Getting Started section of this guide.
To learn more about the features you experience in the Guided Tour, follow the cross references to the Feature Review section of this guide, or access the Exchange Server 2007 Help files, which are publicly available as part of the Exchange Server 2007 Library on TechNet: http://www.microsoft.com/technet/prodtechnol/exchange/2007/
These files are also available once you have completed product installation by clicking Start > All Programs > Microsoft Exchange Server 2007 > Exchange Server Help.
2. If a window pops up that says The following servers in your organization are currently unlicensed, click OK to close it.
3. In the Console tree (on the left side of the screen), expand Recipient Configuration and click Mailbox
4. In the Action pane (on the right side of the screen), click New Mailbox
5. Select User Mailbox and click Next
6. Select New User, then click Next
7. Enter the following user information
   First name: Lucy
   Last name: Huff
   User logon name: lhuff
   Password: P@ssw0rd
   Confirm password: P@ssw0rd
   Un-check the User must change password at next logon box, if necessary
8. Click Next, click Next, click New, click Finish
9. Repeat the above steps to create a second user account
   First name: Owen
   Last name: Baker
   User logon name: obaker
   Password: P@ssw0rd

   First name: Luis
   Last name: Bonifaz
   User logon name: lbonifaz
   Password: P@ssw0rd
Confirm password: P@ssw0rd
4. Click Next, click Next, click New, click Finish
5. Repeat the above steps to create a second room mailbox
   First name / Last name: Conf Room 2 - Galileo
   User logon name: cf2
   Password: P@ssw0rd
Launch the Exchange Management Shell
Tips and help files assist administrators in becoming familiar with Exchange's new command-line interface.
1. Click Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell
2. On the Exchange Management Shell welcome screen, read the tip of the day
3. Type tip 27. Press ENTER.
4. Read the tip.
5. Try out tab completion by typing get-send and then pressing the TAB key (do not type a space).
6. Press the TAB key repeatedly to scroll through available options.
7. Press the ESCAPE key to clear the command line
8. Type get-excommand and press ENTER. A long list of commands available in the Exchange Management Shell will quickly scroll by.
9. Type get-help test-servicehealth to see a brief summary of one of the commands, the test-servicehealth cmdlet.
Paste commands from wizards into the Exchange Management Shell
Wizards in the Exchange Management Console (GUI) run and display shell commands. These can be pasted into the Shell to help administrators learn the syntax and build reusable scripts.
1. Leave the Exchange Management Shell open. Switch to the Exchange Management Console (GUI interface). (If necessary, re-open the Console window by clicking Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Console)
2. Click Recipient Configuration > Distribution Group. In the Action pane, click New Distribution Group.
3. Select New Group, and click Next.
4. In the Name box, type Building 1 All Employees.
5. Click Next, click New. Wait for the wizard to finish (do not close the wizard).
6. Press Ctrl+C to copy the contents of the Completion page. Click Finish to close the wizard.
7. Open Notepad (click Start > All Programs > Accessories > Notepad).
8. Press Ctrl+V to paste the text into Notepad
9. In Notepad, delete all text above and below the new-DistributionGroup one-liner
10. In Notepad, click Edit > Replace. Find 1 and replace with 2. Click Replace All. Click Cancel.
11. Highlight the updated text and press Ctrl+C to copy it to the clipboard.
12. Leave Notepad open. Switch to the Exchange Management Shell
13. In the top left corner of the Exchange Management Shell, click the Exchange Management Shell icon and click Edit > Paste. Press ENTER to run the command.
    Note: If you pasted a carriage return with the command from Notepad, you do not need to press ENTER. The command will run automatically.
14. Close Notepad
Adjust mailbox quotas
Tasks that affect multiple accounts, such as setting mailbox quotas, are well-suited for the Exchange Management Shell.
1. In the Exchange Management Shell, type get-mailbox and press ENTER. A list of all mailboxes is displayed.
2. Type Get-m <press tab key> | set-m <press tab key> -pr <press tab key> 1gb
   The final command should look like:
   get-mailbox | set-mailbox -prohibitsendquota 1gb
3. Press ENTER to run the command
4. Type Get-mailbox and press ENTER. Note that the ProhibitSendQuota has been updated for all users.
Monitor system health
Commands for monitoring system health can be called from the Exchange Management Shell. Microsoft Operations Manager monitors the Exchange Server environment using these same commands.
1. In the Exchange Management Shell, type net stop msexchangesearch, then ENTER. This will simulate a failure of the Microsoft Exchange Search Indexer service.
2. Type Test-ser and press the TAB key. This will tab-complete the test-servicehealth command.
3. Press ENTER to run the command. Note that next to the Mailbox server role, the RequiredServicesRunning column is false.
4. Type Net start msexchangesearch and press ENTER
5. Type Test-servicehealth and press ENTER. Note that all required services are now running.
6. Type test- and press the TAB key repeatedly to scroll through the list of available diagnostic tasks. Select Test-MAPIConnectivity
7. Press ENTER. This command determines if MAPI connectivity to the server is functioning properly.
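The service check from steps 2 to 5, written as a script that reports which role is degraded and which services are stopped. This is an added example, not code from the guide or from Microsoft; it assumes it is run in the Exchange Management Shell and that Test-ServiceHealth returns one object per role with Role, RequiredServicesRunning and ServicesNotRunning properties. Get-ExchangeServiceGaps is a hypothetical function name.

```powershell
# Added example, not part of the original guide. Run in the Exchange Management Shell.
# Get-ExchangeServiceGaps is a hypothetical helper name.
function Get-ExchangeServiceGaps {
    # Test-ServiceHealth emits one result per server role installed on this machine.
    foreach ($r in @(Test-ServiceHealth)) {
        if (-not $r.RequiredServicesRunning) {
            # Flatten the stopped-service list so it fits on one log line.
            # [string]::Join is used instead of -join so the script also runs
            # on Windows PowerShell 1.0.
            $stopped = [string]::Join(', ', [string[]]@($r.ServicesNotRunning))
            New-Object PSObject |
                Add-Member NoteProperty Role    $r.Role  -PassThru |
                Add-Member NoteProperty Stopped $stopped -PassThru
        }
    }
}

$gaps = @(Get-ExchangeServiceGaps)
if ($gaps.Count -eq 0) {
    Write-Host "All required Exchange services are running."
} else {
    # After "net stop msexchangesearch" in step 1, the Mailbox role is reported here.
    foreach ($g in $gaps) {
        Write-Warning ("{0} role: required services not running: {1}" -f $g.Role, $g.Stopped)
    }
}
```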
Run a saved script
Some monitoring tasks require a test mailbox account to be created. To accomplish this, the administrator can run one of the sample PowerShell scripts that are installed with Exchange Server 2007.
1. Launch Windows Explorer and browse to c:\Program Files\Microsoft\Exchange Server\Scripts\. Note that several sample scripts are available.
2. Close Windows Explorer
3. In Exchange Management Shell, type the following command (be sure to include the quotation marks):
   cd "c:\Program Files\Microsoft\Exchange Server\Scripts\"
4. Press ENTER.
5. Type New-testcas and press the TAB key. Note that the name of the new-TestCasConnectivityUser.ps1 script is filled out via tab completion.
6. Press ENTER to run the script.
7. Type P@ssw0rd when prompted to enter a password, then press ENTER.
8. Press ENTER again when prompted to continue.
9. Type Test-ActiveSyncConnectivity -TrustAnySSLCertificate
10. Press ENTER. This command determines if the server is responding properly to ActiveSync requests.
Move mailboxes
The move-mailbox command is a prime example of how administrators can automate repetitive tasks using Exchange Management Shell. Multiple accounts can be moved from one database to another with a single command.
1. Type the following command:
   get-mailbox | format-table displayname, database
2. Press ENTER. A list of mailboxes is displayed, with the database that each mailbox belongs to.
3. Type the following command:
   get-mailbox -database "Mailbox Database" | move-mailbox -targetdatabase "Mailbox Database 2" -validateonly
   This command has the validateonly switch, so the command will not actually perform any actions.
4. Press ENTER
5. Scroll upward and verify that the StatusMessage for each mailbox indicates This mailbox can be moved to the target database
6. Press the up arrow on your keyboard one time, which will retype the most recent command. Use the backspace key to remove the -validateonly parameter. Press ENTER
7. When prompted Are you sure you want to perform this action?, type A and press ENTER. Note that the green status bar at the top of the screen shows progress of the mailbox moves. This is similar to the status message shown when running the move-mailbox wizard from the Exchange Management Console (GUI). Both the Shell and GUI move-mailbox interfaces are built on the same underlying code.
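The validate-then-move sequence above as one script that refuses to start the move unless every mailbox passes the dry run. This is an added example, not code from the guide or from Microsoft; it assumes the Exchange Management Shell, the two database names used in the steps, and that each Move-Mailbox result exposes DisplayName and StatusMessage properties.

```powershell
# Added example, not part of the original guide. Run in the Exchange Management Shell.
$source = "Mailbox Database"      # database names from the walkthrough above
$target = "Mailbox Database 2"
# StatusMessage text the walkthrough tells you to look for in step 5.
$okText = "This mailbox can be moved to the target database"

# Dry run: -ValidateOnly checks each mailbox without moving anything.
$check = @(Get-Mailbox -Database $source |
    Move-Mailbox -TargetDatabase $target -ValidateOnly)

# Any result whose StatusMessage is not the expected text blocks the whole batch.
$blocked = @($check | Where-Object { $_.StatusMessage -notlike "$okText*" })

if ($check.Count -eq 0) {
    Write-Warning "No mailboxes found in '$source'; nothing to move."
}
elseif ($blocked.Count -gt 0) {
    Write-Warning ("{0} of {1} mailboxes failed validation; nothing was moved." -f `
        $blocked.Count, $check.Count)
    $blocked | Format-Table DisplayName, StatusMessage -AutoSize | Out-Host
}
else {
    # Real move. -Confirm is deliberately not suppressed, so the operator still
    # answers the "Are you sure you want to perform this action?" prompt.
    Get-Mailbox -Database $source | Move-Mailbox -TargetDatabase $target

    # Anything still listed in the source database was not moved.
    $left = @(Get-Mailbox -Database $source)
    Write-Host ("{0} mailbox(es) remain in '{1}'." -f $left.Count, $source)
}
```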
P@ssw0rd
5. Click the Language drop-down list and note the variety of languages (45 in total).
6. Verify that the Current Time Zone is set correctly. Click OK to finish the login process.
Use spell check
Spell check in Outlook Web Access has been significantly improved.
1. Start a new e-mail message by clicking New.
2. Compose the following mail message. Be sure to misspell the word projct in the message.
   To: Lucy Huff
   Subject: help
   Message: Can we get together to discuss strategy for the Condor projct?
3. Click the spell-check icon (look for a blue checkmark with the letters ABC in the top center of the message window). Outlook Web Access will underline misspelled words in red.
4. Right-click the word project and select the correct spelling. Click Send.
Use address auto-complete
When you start to type an e-mail address, Outlook Web Access provides suggestions for auto-completion. This information is stored at the server, so it is accessible from any computer.
1. Remain logged in to Outlook Web Access as Owen.
2. Start a new e-mail message by clicking New.
3. In the To: box, type the letters lu. Note that Lucy's name appears. Press the TAB key to select Lucy's name.
4. In the Cc: box, type the letters ow. Press CTRL+K to check the name and auto-complete Owen Baker's name.
5. Compose the following message
   Subject: Status update on PO
   Message: I'll let you know when I hear from Ray; hopefully he'll reply soon.
6. Click Send.
Use flags and categories
Outlook 2007 flags and color categories are fully supported in Outlook Web Access, and are available from either interface.
1. Click Inbox. The e-mail sent in the previous step should appear.
2. In the center pane, right-click the small flag icon (on right side of e-mail summary)
3. Select This week to flag the message for follow-up
4. Click the categories icon (the small rectangle beneath the flag) and click manage categories.
5. Verify that the first sample category is selected and click Delete Category. Click OK to confirm that you want to delete the category.
6. Repeat until all categories are deleted.
7. Click Create New Category.
8. Select the color Blue and category name Pending. Click OK
9. Repeat and add a category for color Red and category name Critical.
10. Repeat and add a category for color Green and category name Finance.
11. Click OK to close the Manage Categories window.
12. Click the rectangular categories icon on the email summary. The categories menu will pop up.
13. Select the Finance category and the Pending category.
14. Click the Inbox to close the categories window.
View mailbox space usage
Mailbox usage and quota are available at a glance, helping users manage their mailbox size.
1. Use the mouse pointer to hover over the root of Owen Baker's name (at the top of the left navigation pane)
2. Note that the amount of mailbox space used is displayed. When the user nears his or her mailbox limit, this message is displayed at all times.
Browse the Global Address Book
The Global Address Book in Outlook Web Access now provides free/busy status at a glance and an organization view (manager and colleagues of the selected person).
1. Locate the Find Someone box on the top center of the screen.
2. Click the Address Book icon to the left of this box to launch the Address Book.
3. Highlight Lucy Huff in the center pane.
4. Note that Lucy's contact information is displayed, along with her free/busy information.
   Note: This screen pulls contact and organization information from Active Directory. You can populate this information in the Exchange Management Console by clicking Recipient Configuration > Mailbox, double-clicking Lucy Huff's name, and editing the Organization and Address and Phone tabs.
5. Close the Address Book window.
View a document in HTML format (WebReady)
Outlook Web Access 2007 can transcode a variety of document types including Word, Excel, PowerPoint and PDF files from their native format into HTML so that they can be viewed in a client browser.
1. In the left side navigation bar, click Mail.
2. Click New
3. Compose a new mail message
   To: Lucy Huff
   Cc: Owen Baker
   Subject: Doc from strategy off-site
4. Attach an Excel, Word, PowerPoint, or PDF file.
   Tip: There may be a Readme.doc file located on the server at C:\I386\ADMT for you to use (depending on the options you selected when you installed Windows Server).
5. Click Send.
6. Click Inbox. The new message should appear
7. Double-click the message to open it. Click the Open as Web Page link next to the attachment
8. Note that the file has been converted to HTML.
9. Close the WebReady document viewing window. Close the message window.
Explore OWA light
Outlook Web Access Light provides a browser experience optimized for a diverse set of browsers and operating systems, slow connections, and strict browser settings. It also provides the best accessibility for blind and low-vision users.
1. Click Log Off.
2. Type https://localhost/owa in the Address bar
3. Click the checkbox for Use Outlook Web Access Light
4. Log in as:
   Domain\user name: obaker
   Password: P@ssw0rd
   The Light version of Outlook Web Access is displayed.
5. Browse through the Mail, Calendar, and Contacts menus. Compare the experience with the regular version of Outlook Web Access. Click Log Off.
6. Clear the Use Outlook Web Access Light checkbox if it is selected
In the following steps, you will perform some actions in Outlook 2007 (logged in as Lucy Huff) and some actions in Outlook Web Access (logged in as Owen Baker). Note the similarities between the two interfaces as you complete the following steps.
Use the Scheduling Assistant
A new Scheduling Assistant provides visual guidance on the best dates and times to meet based on meeting invitees and required resources.
1. Open Lucy Huff's inbox in Outlook 2007
2. Click Calendar. Click the Week tab.
3. Double-click the 10am time slot on the calendar for tomorrow
READ MORE ON PAGE 18
4. When the appointment screen appears, type Review RFP for the subject. Change the end time to 1pm.
5. Click Save and Close
6. Repeat the process to set up a second appointment at 9am the day after tomorrow. Make the appointment 3 hours long.
7. Repeat the process to set up a third appointment on Lucy's calendar. The date of the appointment should be one week from now. When creating the appointment, click the All Day Event checkbox. Change Show As to Out of Office. Click Save and Close.
8. Switch to Owen Baker's account in Outlook Web Access.
9. Click Calendar. Click Work Week.
10. Double-click the 2pm time slot on the calendar for tomorrow's date. When the appointment screen appears, type Library Research for the subject. Change the end time to 5pm.
11. Click Save and Close
12. Repeat the process to set up a second appointment at 1pm on the day after tomorrow. Make the appointment 4 hours long.
13. Repeat the process to set up a third appointment on Owen's calendar. The date of the appointment should be three weeks from now. When creating the appointment, click the All Day Event checkbox. Change Show As to Out of Office. Press Save and Close.
With meetings on the calendar, we are now ready to use the Scheduling Assistant
14. Switch to Outlook 2007.
15. Click Today on Lucy Huff's calendar to return to the current week
16. Double-click 2pm on tomorrow's date to create a new meeting
17. Type Review Q3 performance as the Subject. Type Owen's office as the Location.
18. Click the Scheduling Assistant tab.
19. In the Attendee list, add Owen Baker as an attendee.
20. Locate the Duration drop-down list on the right hand side of the screen. Change the duration to 3 hours.
21. Wait for the calendar to refresh. The Scheduling Assistant will mark days on the calendar that contain good meeting times in white, and the poor dates in purple (based on the schedules of all attendees).
22. Click the first day on the calendar (after today's date) that is white in color. The list of suggested times within that day will be displayed beneath the calendar. Times within each day are shaded according to how optimal the meeting time is (based on attendee and resource availability)
23. Click the first suggested time.
24. Click Send.
25. Switch to Outlook Web Access (remain logged in as Owen Baker).
26. Click Mail. Wait for the meeting request from Lucy Huff to arrive.
27. In the reading pane, click the Accept button and select Send the response now. The ability to reply to a meeting request without opening it is a new feature in Outlook Web Access.
28. If desired, click Calendar and schedule a meeting request with Lucy Huff, following the same steps as above. Note the similarity between the Scheduling Assistant interface in Outlook 2007 and Outlook Web Access.
The Calendar Attendant reduces scheduling conflicts by limiting calendar items in the inbox to the latest version and marking meeting requests as tentative on recipient calendars until users can act on the request.
1. Return to Lucy Huff's calendar in Outlook 2007.
2. Locate the Review Q3 performance meeting request created in the previous exercise.
3. Drag the appointment to a new time, and release it.
4. Click Save changes and send update in the dialogue box that pops up. Click OK.
5. Click Send Update.
6. Repeat the previous step, moving the meeting forward by a day. Click Save changes and send update
7. Double-click the meeting to open it. Change the meeting time again, moving it back by one hour. Change the location to Lucy's Office. In the body of the meeting, type Sorry to keep moving this around. I had to juggle a few things.
8. Click Send Update. Wait a few moments.
9. Switch to Outlook Web Access. Click Inbox to view new messages.
10. Note that only the most recent update to the Review Q3 performance meeting is shown in the inbox. Click the meeting request to view it. Note that When: and Description: are marked in orange, indicating that they have changed since the original request.
11. Click Accept. Click Send the response now
Schedule an Out of Office message
Out of Office messages can now be scheduled to begin and end on specific dates and times. Out of Office messages can be specified with one version for internal recipients and another for external recipients.
1. Remain logged into Outlook Web Access as Owen Baker
2. On the top right corner of the screen, click Options
3. In the left navigation bar, click Out of Office Assistant
4. Click Send Out of Office auto-replies
5. Click Send Out of Office auto-replies only during this time period:
6. Change the start time and end time to some dates in the future
7. Type a message in the textbox. For example: I am in San Francisco this week for client visits. Lucy Huff is handling all issues while I'm out. Call my cell (617372-0454) if it is an emergency.
8. Highlight the name Lucy Huff and press the bold button on the font controls provided.
9. Highlight the word emergency and press the underline button.
10. Scroll down and select the Send Out of Office auto-replies to External Senders checkbox
11. Click the Send Out of Office auto-replies to anyone outside my organization radio button
12. Type a message in the box. For example: I am out of the office this week. Please contact service@nwtraders.com in my absence
13. Scroll to the top of the page and click the Save button
READ MORE ON PAGE 21
102
Search for messages
A new search platform provides dramatic improvements in indexing efficiency, so Exchange mailboxes are fully indexed by default. Whether the user is searching using Outlook or Outlook Web Access, information can be found quickly and intuitively.
1. Return to Lucy Huff's inbox in Outlook 2007.
2. In the Search Inbox box, type strategy.
3. If you have Instant Search enabled, results will begin to appear immediately. If Instant Search is not enabled, click the magnifying glass to launch the search.
4. View the search results.
5. Switch to Owen Baker's Inbox in Outlook Web Access. Type the word strategy in the Search Inbox box.
6. Click the small downward-facing triangle located immediately to the right of the magnifying glass.
7. In the drop-down list, change the search location from This Folder to All Folders and Items.
8. Click the magnifying glass to begin the search. Note that the messages from Owen's Sent Items are displayed in the search results.
Apply an ActiveSync mailbox policy to a user
Mobile device policies can now be applied on a per-user basis.
1. Select Recipient Configuration > Mailbox.
2. Double-click Owen Baker.
3. Select the Mailbox Features tab.
4. Select Exchange ActiveSync and click Properties.
5. Check Apply an ActiveSync mailbox policy.
6. Click Browse.
7. Select Standard.
8. Click OK, click OK.
Use a mobile device with ActiveSync (Direct Push)
Devices that incorporate Exchange ActiveSync maintain a secure connection with the server, receiving any new or updated e-mail, calendar items, contacts, or tasks as soon as they arrive on the server.
1. Follow the instructions in the Appendix (page 116) to connect a mobile device to Owen Baker's Exchange Server account.
Note: If your Exchange Server is not connected to the public Internet, you will not be able to connect a mobile device to it. Skip to the next section if this is the case.
2. Use the mobile device to perform the following tasks. The specific commands for doing so should be intuitive and are not detailed here.
E-mail: View inbox, send mail, and receive e-mail
Tasks: View tasks, edit task details, add a new task
Calendar: View calendar, add an appointment
Contacts: View contacts, view contact details, call a contact
Note: These capabilities are supported by a variety of in-market mobile devices. Some of the mobility capabilities introduced in Exchange Server 2007 require a next-generation mobile device, so they are not included in the Guided Tour:
- View mail in HTML format
- Set Out of Office
- Inline message fetch
- Search the server
View self-service mobile device options in OWA
Users can view a list of mobile devices connected to their Exchange Server account from within Outlook Web Access.
1. Open Internet Explorer and navigate to https://localhost/OWA
2. Log in with the following info:
Username: obaker
Password: P@ssw0rd
3. At the top of the page, click Options.
4. In the right pane in the Options list, click Mobile Devices. Note that a list of mobile devices connected to the Exchange Server is displayed. By selecting Remove Device from List, the user can remove a device that he or she is no longer using.
Remotely wipe data from a device
If a user loses a mobile device, they can issue a remote wipe command from Outlook Web Access, rather than calling an administrator to do it for them.
1. Select the mobile device in the device list.
2. Click Wipe all data from device.
Note: Do not carry out the following step unless you are through working with the mobile device and want to reconfigure it for a different user.
3. Click OK to confirm that you want to wipe all data from the device.
4. Verify that the mobile device has been cleared of all data.
5. Close Outlook Web Access.
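The per-user policy assignment and the state of a remote wipe can also be checked from the Exchange Management Shell. The following is an added example, not part of the original guide; it assumes the mailbox alias obaker and the policy name Standard used in the tour, and it only reads device state rather than issuing a wipe.

```powershell
# Added example (not from the guide). Run in the Exchange Management Shell
# on an Exchange Server 2007 machine.
# Assumptions: mailbox alias "obaker" and policy "Standard", as used in the tour.
$mailbox = "obaker"

# Apply the ActiveSync mailbox policy to the user
# (the shell equivalent of the Mailbox Features tab steps).
Set-CASMailbox -Identity $mailbox -ActiveSyncMailboxPolicy "Standard"

# Confirm that ActiveSync is enabled and the policy is attached.
Get-CASMailbox -Identity $mailbox |
    Format-List Name, ActiveSyncEnabled, ActiveSyncMailboxPolicy

# List every device partnered with the mailbox, with its last successful
# sync and the wipe request / acknowledgement timestamps.
$devices = @(Get-ActiveSyncDeviceStatistics -Mailbox $mailbox)
$devices |
    Format-Table DeviceType, DeviceID, LastSuccessSync,
                 DeviceWipeRequestTime, DeviceWipeAckTime -AutoSize

# A wipe is only known to have run once the device acknowledges it.
# Flag devices where a wipe was requested but no acknowledgement came back,
# for example because the device has not contacted the server since.
foreach ($d in $devices) {
    if ($d.DeviceWipeRequestTime -and -not $d.DeviceWipeAckTime) {
        Write-Warning ("Wipe requested at {0} but not acknowledged by device {1} ({2})" -f `
            $d.DeviceWipeRequestTime, $d.DeviceID, $d.DeviceType)
    }
}
```

A device that stays in the requested-but-unacknowledged state still holds its data, so the account password should be treated as exposed until the acknowledgement appears.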
1. In the Exchange Management Console, expand Server Configuration > Mailbox. Click on the First Storage Group.
2. In the Action pane (on the right side of the screen), click on Enable Local Continuous Replication. Click Next, use default locations (or browse to a new location, if desired) and click Next.
3. Click Enable. Click Finish.
4. Click the first storage group. Click Properties.
5. Click the Local Continuous Replication tab. Verify that the Copy Status is Healthy.
1. In the Exchange Management Console, click Organization Configuration > Hub Transport.
2. Select the Transport Rules tab.
3. In the Action pane, click New Transport Rule.
4. In the Rule name field type Forward looking statements. Click Next.
5. From the Condition list, select from a member of distribution list.
6. In the lower pane, click the distribution list link.
7. Click Add and select Finance.
8. Click OK, click OK, click Next.
9. From the Action list select append disclaimer text using font, size, color.
10. Click the disclaimer text link and type: This e-mail may contain forward-looking statements. Under safe harbor provisions, these statements make no guarantees of future performance.
11. Click OK.
12. Click the smallest link and choose Normal, click OK.
13. Click the Gray link and choose Red, click OK.
14. Click Next, click Next, click New, click Finish.
15. Send an e-mail from Lucy Huff to Owen Baker. When the mail arrives, verify that a disclaimer has been added to the e-mail.
Apply a message classification using a transport rule
Transport rules can be used to mark messages with specific message classifications. These messages will feature a special message banner when they are viewed in Outlook or Outlook Web Access. For example, all messages with a project code name can be marked as company confidential.
1. In the Exchange Management Console, click Organization Configuration > Hub Transport.
2. In the Action pane, click New Transport Rule.
3. Type Zune Company Confidential.
4. Click Next.
5. Check When the Subject field or the body of the message contains specific words.
6. In the lower pane, click specific words.
7. Type Zune. Click Add.
8. Click OK, click Next.
9. In the list of Actions, select apply message classification.
10. Click message classification in the lower pane.
11. Click EXCompanyConfidential.
12. Click OK, click Next, click Next, click New, click Finish.
13. Switch to Outlook 2007 and view Lucy Huff's inbox. Send a message to Owen Baker with the word Zune in the subject or body.
14. Switch to Outlook Web Access and view Owen Baker's inbox.
15. Select the message from Lucy Huff. Note that there is a message banner displayed at the top of the message that says: Company Confidential. This message contains proprietary information and should be handled confidentially.
Examples of other transport rules that can be created include: requiring encrypted delivery of certain message types, and notifying the compliance officer anytime a specific phrase appears in the subject or content of a message.
Set up per-user journaling
With flexible granular-level journaling, Exchange Server 2007 helps administrators protect their company's data and ensure compliance through archiving. Formerly available only on a per-store option, journaling can now be triggered per database, per distribution list, or per user. Messages can be archived to any SMTP address, including an Exchange mailbox or a SharePoint site.
1. In the Exchange Management Console, click Organization Configuration > Hub Transport.
2. Select the Journaling tab.
3. In the Action pane, click New Journal Rule to launch the New Journal Rule Wizard.
4. Type Owen Baker Temporary for the rule name.
5. Next to the Send Journal reports to e-mail address, click Browse.
6. Select Luiz Bonifaz and press OK.
7. Click the Journal Messages for recipient checkbox. Click Browse.
8. Select Owen Baker, the person who will have all his messages journaled.
9. Click OK, click Next, click New. Click Finish.
10. If desired, enable the rule and send a message from Owen Baker to Lucy Huff. Log in to Outlook Web Access as Luiz Bonifaz and verify that the journaled message was received.
Configure Managed Folders
With new Managed Folders, users can organize messages into folders that are provisioned and managed by the administrator. An automated process scans these folders to retain, expire or journal communications based on compliance requirements.
2. In the Action pane, click New Managed Custom Folder.
3. In the Name textbox type Contracts.
4. In the Display the following comment textbox, type: This folder is for items relating to contracts between Northwind Traders and external parties. Items will be retained for five (5) years.
5. Click New, click Finish.
6. Right-click Contracts and select New Managed Content Settings.
7. In the Name textbox type 5 year retention.
8. Click to select the Length of retention period (days) checkbox.
9. Type 1825 in the right-hand field.
10. From the Action to take at the end of the retention period drop-down list, select Delete and Allow Recovery.
11. Click Next. A Journaling options page will be displayed.
Note: When items expire, a copy of the message can be journaled to an SMTP-enabled records repository, such as Microsoft Office SharePoint Server 2007. In this example, we do not set up journaling.
12. Click Next, click New, click Finish.
13. Click the Managed Default Folders tab.
14. Right-click Inbox and select New Managed Content Settings.
15. In the Name textbox type Inbox One Year Limit.
16. Click to select the Length of retention period (days) checkbox.
17. Type 365 in the right-hand field.
18. From the Action to take at the end of the retention period drop-down, select Delete and Allow Recovery.
19. Click Next, click Next, click New, click Finish.
20. Right-click the Inbox folder and click Properties.
21. In the Display the following comment textbox, type: Messages are deleted 365 days after being sent or received. Move messages that need to be kept longer for legal or business reasons to the appropriate managed folder.
22. Click OK.
23. Select the Managed Folder Mailbox Policies tab.
24. In the Action pane, click New Managed Folder Mailbox Policy.
25. In the Managed folder mailbox policy name textbox type Finance Policy.
26. Click Add.
27. Hold down the CONTROL key and select Contracts and Inbox.
28. Click OK, click New, click Finish.
15. Click Inbox. Note that there is a policy banner displaying the retention policy 16. Expand the Managed Folders folder, and click the Contracts folder. Note that there is a banner displaying the retention policy.
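The managed folder, content settings and mailbox policy from the steps above can also be created from the Exchange Management Shell, which makes the retention configuration reviewable as text. This is an added example, not part of the original guide; the names and retention periods are the ones typed in the tour, and the final assignment to the mailbox alias obaker is an assumption because the guide's steps for applying the policy to a user are not shown here.

```powershell
# Added example (not from the guide). Run in the Exchange Management Shell
# on an Exchange Server 2007 machine.

# Custom managed folder with the comment users see in Outlook and OWA.
New-ManagedFolder -Name "Contracts" -FolderName "Contracts" `
    -Comment "This folder is for items relating to contracts between Northwind Traders and external parties. Items will be retained for five (5) years."

# 1825-day retention on the custom folder. Expired items are deleted
# but stay recoverable from the dumpster.
New-ManagedContentSettings -Name "5 year retention" -FolderName "Contracts" `
    -MessageClass "*" -RetentionEnabled $true `
    -AgeLimitForRetention "1825.00:00:00" `
    -RetentionAction DeleteAndAllowRecovery

# 365-day retention on the default Inbox folder.
New-ManagedContentSettings -Name "Inbox One Year Limit" -FolderName "Inbox" `
    -MessageClass "*" -RetentionEnabled $true `
    -AgeLimitForRetention "365.00:00:00" `
    -RetentionAction DeleteAndAllowRecovery

# Policy comment shown on the Inbox.
Set-ManagedFolder -Identity "Inbox" `
    -Comment "Messages are deleted 365 days after being sent or received. Move messages that need to be kept longer for legal or business reasons to the appropriate managed folder."

# Group both folders into one mailbox policy.
New-ManagedFolderMailboxPolicy -Name "Finance Policy" `
    -ManagedFolderLinks "Contracts", "Inbox"

# Assumption: the policy is applied to Owen Baker's mailbox (alias "obaker").
Set-Mailbox -Identity "obaker" -ManagedFolderMailboxPolicy "Finance Policy"

# Review what will actually be enforced before the managed folder
# assistant processes the mailbox.
Get-ManagedContentSettings |
    Format-Table Name, RetentionEnabled, AgeLimitForRetention, RetentionAction -AutoSize
Get-Mailbox -Identity "obaker" | Format-List Name, ManagedFolderMailboxPolicy
```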
3. Select domain controller for new domain, or additional domain controller for existing domain. In this case we'll select domain controller for a new domain. Click Next.
5. If DNS is not configured, you will be prompted to configure or install DNS. Subsequent screens may ask you to specify a DNS name and a NetBIOS name.
5. After installing and configuring DNS, specify the location for database and log folders, and click Next
6. Select folder location for shared system volume, and click Next
7. Set the default permissions for user and group objects. Select Next.
11. Click Finish and wait until the wizard completes the domain controller installation.
2. On the E-mail Accounts screen, verify that Yes is selected and then click Next.
3. In the Auto Account Setup screen, note that the profile information for the logged in user has been automatically filled in by the Autodiscover web service. Click the Manually configure server settings checkbox to change the login information. Click Next.
4. In the Choose E-Mail Service screen, select Microsoft Exchange and then click Next.
5. In the Microsoft Exchange Settings screen, enter the name of your Exchange Server. Type Lucy Huff in the user name box, and click Check Name.
6. Click Next, click Finish. If you are prompted to enter a username and password, fill in the following information and check the box so the information will be remembered.
User name: lhuff
Password: P@ssw0rd
1. On the mobile device, click Start, click Programs, and then click ActiveSync.
2. Read the ActiveSync screen information and then click the set up your device to sync with it link.
3. In the Server Address box, type the URL of your Exchange Server. This is the same server name used for Outlook Web Access (with the /OWA or /Exchange omitted).
4. In the User name, Password, and Domain text boxes, fill in the appropriate information for a user in the Exchange organization.
5. Select the Save password check box, and then click Next.
6. In the Choose the data you wish to synchronize box, click Calendar, and then click Settings.
7. In the Synchronize only the past drop-down list box, select All, and then in the upper-right corner, click OK.
8. In the Choose the data you wish to synchronize box, click E-Mail, and then click Settings.
9. In the Include the previous drop-down list box, select All, and then in the upper-right corner, click OK.
10. Confirm that the four check boxes are selected, and then click Finish.
Wait for ActiveSync to synchronize with the Exchange server. Watch as Contacts, Calendar, E-mail, and Tasks are synchronized from the Exchange server onto the device. This may take several minutes. You will see two animated circular arrows at the top of the device indicating that synchronization is being performed.
28% of workers say that using the right collaboration tools at work would save them up to five hours each week. - Survey by Harris Interactive in August 2004, quoted at http://www.transformmag.com/showArticle.jhtml?articleID=23902182
Employees who used the new Scheduling Assistant found the best available time to schedule a meeting in approximately 28 seconds; a 77% reduction. - Microsoft usability study comparing Exchange Server 2007 scheduling tools with similar tools in Exchange Server 2003 (published internally).
By 2007 telework will be practiced by more than 60 million people. - Gartner report: Management Update: Managing the Mobile and Wireless Workforce, by John Girard, April 28, 2004.
7 out of 10 phone calls go direct to voice mail. - Gartner report: The Knowledge Worker Investment Paradox, by Regina Casonato and Kathy Harris, July 17, 2002.
The average American spends over 100 hours a year commuting to work (one-way), more time than they spend on vacation. - US Census Press Release. March 20, 2005. Accessed from http://www.census.gov/PressRelease/www/releases/archives/american_community_survey_acs/004489.html
By the end of 2008, half of all employees who access e-mail via PCs will also have access to wireless e-mail. - Gartner report: Magic Quadrant for Enterprise Wireless E-Mail Software, 2H05, by Ken Dulaney and Monica Basso, Oct 11, 2005.
Nearly 90% of professionals will carry mobile devices capable of receiving email by 2008. - Radicati Group, Hosted Email Market, 2005-2009, Aug 7, 2006
IT professionals spend up to 70 percent of their time maintaining existing systems. - Accenture study, 2004, quoted in http://microsoft.com/mscorp/execmail/2004/04-28manageability.asp
Exchange Server 2007 takes 12 screens to install, compared with 30 screens for Exchange Server 2003. The new design reduces the screen count by 60%. - Microsoft user experience research comparing Exchange Server 2007 user interface with Exchange Server 2003 (published internally).
Over 60 percent of high-priority Exchange Server support calls are caused by configuration problems, not bugs in the product. - Microsoft Product Support
If you want to change quotas for 20 accounts, it would take you over 100 clicks in the Exchange 2003 System Manager. In Exchange 2007 this takes a single line in the Shell. - Microsoft user experience research comparing Exchange Server 2007 management console with Exchange Server 2003 system manager (published internally).
The volume of email that businesses are storing is increasing by more than 60% each year, according to some analysts. - Gaining Control of the Storage Environment, by Sean Derrington, Oct. 11, 2006. http://www.itobserver.com/articles/1249/gaining_control_storage_environment/
64-bit x86-based systems accounted for 78.8 percent of all x86 servers sold in the first quarter of 2006. - IDC report, quoted at www.internetnews.com/entnews/article.php/3617791
Creating a meeting request and sending invitations using the Exchange Server 2007 Web Services API requires six lines of code, versus 200+ lines of code using DAV. - Microsoft IT employee
80 percent of the businesspeople surveyed say email is more valuable to them than the telephone. - META Group survey, April 2003, quoted at http://clickz.com/resources/email_reference/research_reports/article.php/2195611
The cost of spam in 2005 will come to $17 billion in the United States and $50 billion worldwide. - Ferris Research, The Global Economic Impact of Spam, 2005, February 2005.
An estimated 55 billion e-mail spam were sent each day in June 2006, an increase of 20 billion per day from June 2005. - Jupiter Research report: U.S. Email Marketing Forecast 2005 to 2010, February 2006
Internet users in the United States spend an average of three minutes deleting spam each day they use e-mail. - 2004 National Technology Readiness Survey, Center for Excellence in Service at the University of Maryland's Robert H. Smith School of Business and Rockbridge Associates, quoted at http://www.informationweek.com/story/showArticle.jhtml?articleID=59300834
The cost of incorrectly blocked e-mail is expected to be $107 million in 2006. - Jupiter Research report: U.S. Email Marketing Forecast 2005 to 2010, February 2006
During 2004, 78% of organizations were hit by viruses. - CSI and FBI Computer Crime and Security Survey, available for download at www.theiia.org/iia/download.cfm?file=9732
By the end of 2006, 71 percent of email sent worldwide will be spam. - Radicati Group report: Market Numbers Summary Update, Q1 2006, May 9, 2006.
74 percent of businesspeople say being without email would present more of a hardship than being without phone service. - Meta Group, quoted at www.clickz.com/resources/email_reference/research_reports/article.php/2195611
24% of organizations have had employee e-mail subpoenaed by courts and regulators. - Workplace E-Mail, Instant Messaging & Blogging Survey, AMA & The ePolicy Institute, 2006 - http://www.epolicyinstitute.com/survey/index.html
15% of companies have gone to court to battle lawsuits triggered by employee e-mail. - Workplace E-Mail, Instant Messaging & Blogging Survey, AMA & The ePolicy Institute, 2006 - http://www.epolicyinstitute.com/survey/index.html
Approximately 450,000 words per language are localized to give administrators and users access to features in their own languages. - Exchange Server localization team